Study how SR9 lowers Motoko contracts to Viper for compile-time property proofs.
Prototype an ICRC-token AMM with 0.3 percent fee split between operator and LPs.
Demonstrate a safe ledger retirement flow that requires pools and balances to be cleared first.
Use as a teaching example for conservation invariants across cross-canister calls.
Research artifact only; needs the Internet Computer Motoko toolchain plus SR9 and Viper to build and check the proofs, and is explicitly not safe to hold real funds.
This repository is a demo of a decentralized exchange (a DEX, the kind of token-swapping smart contract popularised by Uniswap) written for the Internet Computer in the Motoko language. The author is very direct about what it is and is not. It is a research artifact meant to show off a verification technique called SR9; it is not audited, not production-ready, and absolutely not meant to hold real user funds.

The DEX itself does the usual things a small AMM-style exchange does. Users deposit tokens from external ICRC-style ledgers (ICRC is the token standard on the Internet Computer, similar in spirit to ERC-20 on Ethereum) into a local balance held by the DEX. They can then swap one deposited token for another through constant-product liquidity pools, add or remove liquidity in those pools, and finally withdraw their balance back out to the external ledger. The fee on each swap is 0.3 percent, of which 20 percent goes to the operator and 80 percent stays in the pool for liquidity providers. A controller principal, which can be a human, an operations canister, or a DAO, is in charge of whitelisting ledgers, creating pools, and shutting things down safely.

What makes this demo unusual is that the code carries machine-checked contracts. SR9 lowers those contracts to a verifier called Viper, which proves at compile time that certain properties always hold. The README lists the proven properties in detail. Deposits only credit a user after the underlying ledger transfer actually returns success. Withdrawals debit local balance before the external call and restore the exact amount if the call fails. Swaps recompute prices against current reserves rather than trusting a stale quote, cannot drain the output reserve, and respect a minimum-output limit. A central conservation equation, that the net amount on the external ledger equals what the DEX still owes users plus pending outflows plus officially abandoned dust, is preserved across every checked transition. A careful retirement flow lets a ledger be removed only after all pools, balances, and pending operations involving it have been cleared, with explicit user consent required for tiny dust amounts.
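
A toy Python model of the conservation equation and the deposit/withdraw ordering described above, added here as an illustration; it is not code from the repository, which is written in Motoko. The class, its field names and the `while_in_flight` hook (a stand-in for another call arriving while the external transfer is outstanding) are assumptions, and the model tracks a single ledger only.

```python
class DexModel:
    """Toy single-ledger model of the conservation equation (hypothetical names)."""

    def __init__(self):
        self.ledger_net = 0       # net tokens the external ledger holds for the DEX
        self.owed = {}            # local balances the DEX still owes users
        self.pending_out = 0      # debited locally, external transfer still in flight
        self.abandoned_dust = 0   # dust a user explicitly agreed to abandon

    def conserved(self):
        return self.ledger_net == sum(self.owed.values()) + self.pending_out + self.abandoned_dust

    def deposit(self, user, amount, transfer_ok):
        if not transfer_ok:       # credit only after the ledger reports success
            return False
        self.ledger_net += amount
        self.owed[user] = self.owed.get(user, 0) + amount
        return True

    def withdraw(self, user, amount, transfer_ok, while_in_flight=None):
        if amount <= 0 or self.owed.get(user, 0) < amount:
            return False
        self.owed[user] -= amount             # debit before the external call
        self.pending_out += amount
        if while_in_flight:                   # models another message interleaving
            while_in_flight()
        self.pending_out -= amount
        if transfer_ok:
            self.ledger_net -= amount
        else:
            self.owed[user] += amount         # restore the exact amount on failure
        return transfer_ok

    def abandon_dust(self, user, consent):
        if not consent:                       # never written off without consent
            return False
        self.abandoned_dust += self.owed.pop(user, 0)
        return True

def run_scenario():
    dex, seen = DexModel(), []                # constructed sample amounts below
    dex.deposit("alice", 100, transfer_ok=True)
    dex.deposit("alice", 50, transfer_ok=False)            # failed transfer: no credit
    def second_withdraw():                                  # attempted mid-flight
        seen.append((dex.withdraw("alice", 100, True), dex.conserved()))
    first = dex.withdraw("alice", 97, False, second_withdraw)  # external call fails
    dex.withdraw("alice", 97, transfer_ok=True)
    dex.abandon_dust("alice", consent=True)                 # 3 units of dust remain
    return first, seen, dex.owed, dex.ledger_net, dex.abandoned_dust, dex.conserved()
```

Because the balance is debited before the external call, the second withdrawal attempted mid-flight is rejected, and the equation still balances at that point through `pending_out`.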
Generated 2026-05-22 · Model: sonnet-4-6 · Verify against the repo before relying on details.