Credit infrastructure for TradFi & DeFi - VCSM with real ZK proofs, bridging $100B+ market gap
KarmaTrust is one of the first Verifiable Credit State Machines (VCSM) for DeFi: infrastructure that enables undercollateralized lending through cryptographically provable credit history.
Core Innovation:
• State-machine approach: Every credit upgrade requires ZK proof of eligibility
• Cryptographic hash chain: Poseidon commitments prevent history tampering
• Anti-sybil enforcement: Sybil defense logic embedded directly in Circom circuits (mathematically enforced)
• Dual-mode privacy: Users choose between public attestations (EAS) or privacy-preserving ZK proofs
Technical Stack:
• 2 compiled Circom circuits (tier_membership, state_transition) with Groth16 proving system
• Smart contracts deployed on Sepolia (VCSMStateManager, TieredLending)
• Split-screen frontend demonstrating User View vs Bank View to highlight privacy benefits
• Real ZK proofs generating in 1-3 seconds
Target Users: DeFi protocol developers (Aave, Compound, etc.) who want to offer reduced collateral ratios based on verifiable credit history.
Value Proposition: Enable 125% collateral loans (vs 150% standard) for creditworthy users while maintaining protocol security through cryptographic verification instead of blind trust.
KarmaTrust is built as a full-stack Web3 infrastructure with three core layers:
1. Zero-Knowledge Circuits (Circom + SnarkJS)
• tier_membership.circom: Proves user belongs to credit tier without revealing exact score
• state_transition.circom: Proves valid credit upgrades with anti-sybil logic embedded in constraints
• Poseidon hash for ZK-friendly commitments (low constraint count)
• Groth16 proving system with trusted setup using Powers of Tau
• Real proof generation in 1-3 seconds, verification in ~8ms
2. Smart Contracts (Solidity + Hardhat)
• VCSMStateManager.sol: Stores cryptographic commitments of user credit states on-chain
• TieredLending.sol: Implements tiered collateral ratios based on verified credit levels
• Integrated with Ethereum Attestation Service (EAS) for public attestations
• Deployed on Sepolia testnet with full verification
3. Backend API (Node.js + Express + TypeScript)
• Credit scoring engine analyzing 8 on-chain factors (transaction history, token holdings, DeFi participation, wallet age, etc.)
• Three-tier blockchain data fetching: Etherscan API → Public RPC → Deterministic fallback (ensures demo stability)
• Dual attestation modes:
4. Frontend (React + Vite + TailwindCSS)
• Split-screen architecture: User View (full data) vs Bank View (privacy-protected verification results)
• Real-time credit scoring with visual tier indicators
• Integrated ZK proof generation UI with performance metrics display
• Privacy mode workflow: Salt generation → Commitment creation → ZK proof
Challenges & Solutions:
• Challenge: ZK proof generation initially too slow (>10s)
  Solution: Optimized circuit constraints, used Poseidon hash instead of SHA256, implemented proper witness calculation
• Challenge: Privacy leak in EAS attestations (score was public)
  Solution: Redesigned to ZK + EAS hybrid - EAS stores commitment only, ZK proves against commitment
• Challenge: Demo reliability with external APIs
  Solution: Three-tier fallback system with deterministic data generation
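The commitment hash chain and the "salt → commitment" step of the privacy workflow described above, as an added sketch that is not KarmaTrust's code. Assumptions: SHA-256 stands in for Poseidon, the check runs in the clear rather than inside a Circom circuit, and all function names, tiers and scores are constructed for illustration.

```javascript
// Added illustration, not KarmaTrust code. SHA-256 is a stand-in for Poseidon
// so the sketch needs only Node's standard library; all names are hypothetical.
const { createHash, randomBytes } = require("node:crypto");

const GENESIS = "00".repeat(32); // assumed anchor for the first state

// A commitment binds tier and score to a secret salt and to the previous link.
function commit(prev, tier, score, salt) {
  const encoded = JSON.stringify([prev, tier, score, salt]); // unambiguous encoding
  return createHash("sha256").update(encoded).digest("hex");
}

// Holder side: fresh salt, private opening, and the commitment to publish.
function nextState(prevCommitment, tier, score) {
  const salt = randomBytes(32).toString("hex");
  const commitment = commit(prevCommitment, tier, score, salt);
  return { opening: { tier, score, salt }, commitment };
}

// Check private openings against the published commitments, link by link.
// Returns the index of the first mismatch, or -1 if the history is consistent.
function firstMismatch(published, openings) {
  if (published.length !== openings.length) {
    return Math.min(published.length, openings.length);
  }
  let prev = GENESIS;
  for (let i = 0; i < published.length; i++) {
    const { tier, score, salt } = openings[i];
    if (commit(prev, tier, score, salt) !== published[i]) return i;
    prev = published[i];
  }
  return -1;
}

// Constructed sample history: three credit upgrades, then a rewritten score.
function demo() {
  const published = [];
  const openings = [];
  let prev = GENESIS;
  for (const [tier, score] of [[1, 610], [2, 680], [3, 740]]) {
    const s = nextState(prev, tier, score);
    published.push(s.commitment);
    openings.push(s.opening);
    prev = s.commitment;
  }
  const forged = openings.map((o) => ({ ...o }));
  forged[1].score = 800; // tamper with an earlier state
  return { published, honest: firstMismatch(published, openings),
           forged: firstMismatch(published, forged) };
}
```

Only the `published` array would be visible to a verifier. The openings stay with the user, which is the property the ZK + EAS hybrid relies on.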
Technologies notably used:
• Circom & SnarkJS for zero-knowledge proofs
• Ethereum Attestation Service (EAS) for on-chain attestations
• Ethers.js for blockchain interactions
• Poseidon hash from circomlibjs for ZK-friendly cryptography
What we're proud of:
• Novel credit state machine with cryptographic verification
• Anti-sybil logic enforced at circuit level (impossible to bypass)
• Complete implementation with real ZK proofs (not simulated)
• 10+ technical documentation files explaining architecture

