Rewind X — Architecture
Non-custodial infrastructure for protected ERC-20 transfers on BNB Chain.
All state transitions follow fixed on-chain rules — no human decisions.
System Flow
User Wallet
Initiates protected transfer
Transfer Layer
Protected transfer creation, claims, rewind intents
State Ledger
Single source of truth for transfer lifecycle
Risk & Safety
Deterministic gates: limits, cooldowns, integrity checks
Rewind
Sender reclaims funds
Early Release
Sender releases → Recipient claims
Finalize
Expiry → Recipient claims
Proof Layer
On-chain rewind attestation
All user-initiated state changes pass through a single canonical entry layer. Internal modules cannot be invoked directly.
Modules
| Layer | Function |
|---|---|
| Transfer Interface | Protected transfer creation, claiming, rewind execution. Supports ERC-20 tokens on BNB Chain. |
| State Ledger | Single source of truth for all transfer states and lifecycle transitions. |
| Risk & Enforcement | Deterministic limits, cooldowns, rule-based integrity checks. No discretionary overrides. |
| Fees & Accounting | Bounded fee computation and revenue distribution. |
| Proof & Utility | On-chain rewind attestation (Rewind Proof NFT). Tier-based parameter constraints. |
Execution Model
Rewind X introduces a protected execution window (3 min – 24h) for operational transfers. All state transitions are deterministic and on-chain.
User Wallet
ERC-20 Transfer Flow
Protected Rail
V1 — Active- Time-bounded window (3 min – 24h)
- Sender can rewind during window
- Mistake and scam mitigation
- Rewind Proof NFT on execution
V1 operates the Protected Rail only.
System Invariants
- •A transfer resolves to either finalized or rewound — never both, never neither
- •Only the original sender can trigger a rewind
- •After window expiry, finalization is irreversible
- •No privileged actor can redirect or seize user balances
- •Safety mechanisms restrict actions — they do not move funds
- •Proof tokens are minted only after successful rewind execution
Control Surface
Trust-minimized administrative controls:
| Control | Scope | Capability |
|---|---|---|
| Emergency pause | State transitions | Halts new operations; cannot move balances |
| Fee parameters | Accounting | Bounded ranges; cannot exceed protocol caps |
| Module upgrades | Non-core paths | Timelock-governed; core ledger is non-upgradeable |
Security Guarantee
No admin path exists to transfer, redirect, or freeze user funds. Paused state preserves all balances in-place; resolution resumes from the same state once unpaused.
System Status
- •17 production-ready contracts
- •Tested against production-equivalent EVM state
- •Mainnet deployment in preparation. Internal security review completed. External audit planned post-validation.
For technical questions: contact.rewindx@proton.me