# What Are On-Chain Vaults?

<figure><img src="https://1813598319-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fg7CuDjZTqivGehboo0kG%2Fuploads%2FCgbZDwM1xlXGEkkjX3eC%2FWhat%20Are%20On-Chain%20Vaults%201.png?alt=media&#x26;token=0833720d-786b-4d80-a78b-edf61bc6c445" alt=""><figcaption></figcaption></figure>

On-chain vaults are the **core security mechanism** of Zipper, ensuring that every **zAsset on Fabric is fully backed 1:1 by its real counterpart** on its original blockchain. These vaults function as **transparent, decentralized storage** locations where users’ deposited assets remain securely held while their zAsset equivalent exists on Fabric.

#### **How Vaults Secure Funds**

Each external blockchain has a **dedicated vault** controlled by Zipper. When a user **zips an asset**, it is **deposited into the vault**, and a corresponding **zAsset is minted** on Fabric. When a user **unzips**, the corresponding zAsset is **burned**, and the original asset is **released from the vault** back to the user.

Vaults ensure:\
✅ **1:1 Backing** - Every zAsset on Fabric corresponds exactly to an asset stored in an on-chain vault.\
✅ **Trustless Security** - Users can verify the vault’s balance **on-chain** at any time.\
✅ **No Liquidity Pools** - Vaults are not used for lending or staking; funds remain **secure and untouched** until a user requests a withdrawal.

#### **Multi-Signature & TEE Security**

To prevent **single points of failure**, Zipper secures its vaults using a **multi-signature (multi-sig) model** combined with **Trusted Execution Environment (TEE) technology**.

* **Multi-Sig Protection** - Vault transactions require multiple signatures, ensuring that no single entity has full control over user funds.
* **TEE Security Model** - Trusted Execution Environments protect vault private keys, ensuring that **even Zipper’s operators cannot unilaterally access or move funds**.

This **redundant security architecture** ensures that **even in extreme scenarios, funds remain fully protected**.

#### **Full Transparency & Public Verification**

Zipper’s vaults are **completely auditable**, and users can verify:

* The total balance of assets stored in vaults.
* The contract addresses of zipped and unzipped assets.
* The history of deposits and withdrawals.

Users can **track all vault activity directly on-chain** using [**FabricScan**](https://scan.fabriclabs.org/) and block explorers for each original blockchain.

#### **Zipper’s Role in Vault Management**

Zipper **only facilitates vault deposits and withdrawals -** it does not verify asset legitimacy. The **best way for users to verify assets** is to **check contract addresses during the Zipping process and use FabricScan for confirmation**.