Bounce

Bounce represents an innovative decentralized and non-custodial solution for facilitating peer-to-peer payments, underpinned by immutable smart contracts within the blockchain. It is worth noting that the act of effecting real-world fiat purchases using physical payment cards, often through intermediaries like Mastercard or Visa, has become ubiquitous. Nevertheless, the realm of cryptocurrency payments has hitherto lacked an effective, proficient, or truly compelling solution.

It is imperative to initially delineate the two primary components that most individuals would naturally contemplate when envisioning the establishment of an underlying infrastructure for this endeavor: the NFC card and the Point of Sale (PoS) terminal. The initial conceptualization, perhaps the most straightforward one (in the absence of security concerns), would involve the storage of an Externally Owned Account's (EOA) private key on the NFC card. Subsequently, a PoS terminal would be configured to receive this private key upon tapping the card on a reader. In this scenario, the terminal would propose an incompletely processed transaction, which the private key would validate and transmit to the blockchain.

Navigating this challenge without considering security is, indeed, a relatively uncomplicated task. However, as soon as security considerations enter the equation, the complexity of the issue escalates significantly.

The solution devised by the Bounce Team encompasses the introduction of two pivotal fundamental components into the system. First and foremost, a vault, serving as a centralized repository for users to safeguard their funds, comes into play. Second, an ephemeral mechanism is employed to address the intricate security concerns that arise in the execution of this concept.

Flow:

1. Ephemeral key pair is generated securely using ethers functions on the user app.
2. Ephemeral Public Key is stored in the vault contract.
3. Ephemeral Private Key is embedded in the NFC card, along with the public Ethereum address of the vault contract.
4. The card is tapped on a PoS terminal. The ephemeral private key and the vault contract address are now shared with the PoS terminal.
5. The transaction body is now built out, of which contains the amount and type of token required.
6. This is then signed with the ephemeral private key.
7. The vault contract is then called with this signed data produced in the previous step.
8. The vault contract then verifies the legitimacy of the signed data by decrypting with the ephemeral public key stored in the vault contract.
9. The vault also checks that the PoS terminal’s address is whitelisted and the transaction is within transfer limit threshold (based on a reputation system, e.g. Target might have a limit of 500 USDC, but a corner store might have a limit of 25USDC)
10. We now just have the transaction data after removing that layer of security.
11. The transfer from the vault contract is made to the PoS terminal as it has now received all the information required.

We used a Rasberry pi running Raspbian, where we installed node. We also used a third party node module to make the connection between the NFC card reader and the program itself. We ran web sockets to listen for the NFC tap. We used react native for the PoS terminal interface with daisyUI. We used ethers and hardhat to deploy and make contract calls.