Decentralized "Ticketmaster" on Polygon
Passport is a decentralized event ticketing service on web3, removing the power from centralized sources like TicketMaster and StubHub, and providing infinite resell potential without worry. Passport uses NFT's as tickets for events so that they can be easily transacted on any popular marketplace. First, organizers can sign in with their wallets and choose to mint a batch of NFT tickets to the Polygon blockchain, which can then be sold and distributed on OpenSea, etc. Attendees who have purchased the NFTs can then show up at the event and get verified by transferring the NFT ticket back to the organizer's wallet. Note that these tickets can be resold at will and potential buyers can be certain of their legitimacy by checking the original creator of the NFT.
First, for the organizer workflow, they log in using their MetaMask wallet. Then, the organizer navigates to the "Create Event" button and enters information for their event, including the ticket picture, name, location, date, time, and the number of tickets they would like. Since they're already signed in, once they click the "Create" button, this triggers a series of events. First, the event photo is uploaded to IPFS, and an IPFS hash is returned. Next, all of the metadata the organizer entered and the image IFPS hash is uploaded to IPFS. This returns an IPFS hash that represents the metadata for all of the tickets for this event. From here, a smart contract function BulkMint is called and is passed the metadata IPFS hash and the number of tickets the user would like minted. The contract is an iteration on the ERC 1155 smart contract from OpenZeppelin that implements our BulkMint functionality and was deployed using Remix. The contract then requests the organizer to sign the transaction to mint the NFTs and pay gas fees. Since this project is run on Polygon and utilizes the Mumbai test net, gas is extremely cheap and rounds to $0.00 USD. Then, the contract mints the NFTs and deposits the tokens into the organizer's wallet. A QR code is also generated using the mint date and the organizer's public address. The organizer is responsible for passing this QR code on to the vendors so they can verify attendees' tickets more accurately. Once the NFT tickets have been indexed by OpenSea, the organizer can then list them for whatever price they deem fit!
Once the NFT tickets have been indexed by OpenSea, they can also be easily purchased through the marketplace. Next, potential attendees who hold a ticket need to send their NFT back to the organizer account ("redeeming" the ticket) through their wallet service of choice (i.e. MetaMask). This can be done whenever prior to the event, with the earlier the better as there is more time for this transaction to be picked up by blockchain indexing. Once the ticket has been sent, the attendee can go to the event and generate a QR code using Passport and their Sequence wallet for verification at the gate. This QR code contains a MAC code + attendee wallet address, where the MAC code is generated from the wallet address and a secret key specific to our app.
At the gate of the event, the ticket taker uses the same Passport web app to verify attendees. First, the app needs to be initialized using the QR code given to the organizer by Passport at the initial minting stage of the event tickets. This QR code contains the organizer wallet address + mint date. Once initialized, the app can be used to scan each attendee's QR code, which is first checked for authenticity by recomputing the MAC code using the same secret key and making sure it matches the MAC code from the QR. This is done since an attacker can easily pose as a different wallet by generating a QR code of someone else's wallet if there is no MAC check.
After this, the app can trust the attendee's wallet address and proceed to verify the attendee. This is done via a Moralis API call which fetches the recent NFT transactions to the organizer's wallet. The app then looks for one such transaction such that:
the sender was the attendee's wallet address
the NFT being transacted was indeed minted by the organizer
said NFT was minted after the event's ticket mint date
These checks can be made very quickly for verifying the attendee. Note that check 2) guarantees that the NFT transacted is a legitimate ticket from the organizer and check 3) makes sure that the NFT was not from a previous event from the same organizer.
One important feature of Passport is that no user ticket/event data is stored in a localized database. Instead, everything is on the blockchain, with all verification done on this decentralized data.
Another important item of note is only the organizer and attendees need to sign in. The app has been designed in a way such that the ticket takers, individuals standing at the door of venues verifying attendees' tickets, have no need to sign in as this would introduce a vast number of potential security holes.