Referential integrity (RI) is an important correctness property of a shared, distributed object storage system. It is sometimes thought that enforcing RI requires a strong form of consistency. In this paper, we argue that causal consistency suffices to maintain RI. We support this argument with pseudocode for a reference CRDT data type that maintains RI under causal consistency. QuickCheck has not found any errors in the model. % A reference to an object of type T containing an inref. 4 % Key of embedding object. If object has multiple outrefs, assume 5 % each one has a distinct object_key. 6 object_key: write_once register of Key 7 % routing information to referenced object 8 dest_keys: MV_register of (outkey: Key, id: uid), 9 initial (nullkey, nulluid) 11 datatype inref 12 % key of embedding object 13 object_key: write_once register of Key 14 % set of reverse references 15 rev_refs: 2P_set of (inkey: Key, id: uid), 16 initial emptyset 17 % call init only once 18 inuse: CRDT_flag, initial false 20 % if outref exists, inref exists 21 invariant 22 forall r: outref of T 23