VeriPay

VeriPay is an application for selling second-hand items between individuals. While it may not be a revolutionary idea, it is a sufficiently complete project that can be considered a “full-stack” application.

I started with the following observation: building a decentralized application involves using blockchain technology, meaning every change to the application’s state requires interaction with a smart contract. However, in reality, there are many ways to limit blockchain usage to actions that require a trusted third party.

Here’s the mindset behind VeriPay’s stack: anyone can modify the front end of the application to perform malicious actions, such as posting a product without verifying their identity. However, this is not a problem because other users (who have not modified their front ends) will filter the results according to the application’s policies, meaning a verified profile is required to post.

User verification and the transaction status for purchasing a product are managed through the blockchain. We store minimal information, and the app uses this data to display only consistent information to legitimate users.

We have also considered a dispute resolution system that allows for resolution with oracles compensated by the losing party. This system has not been implemented yet but is detailed on the VeriPay homepage. Implementation is possible but has not been realized due to time constraints.

Technical Implementation Details:

Our application uses Vue.js for the frontend, with a development stack inspired by Scaffold-ETH, enabling easy and reliable development.

We have developed a smart contract that verifies World ID registrations and stores them on the blockchain. This contract also manages financial transactions between users, ensuring that funds are transferred only when the product transaction is completed correctly on both sides.

World ID registration holds users accountable by allowing judges who resolve conflicts to ban an ID and place it on the application’s blacklist, encouraging healthy behavior on the platform.

For the database, we use Gun.js, a decentralized database. Since data published on Gun.js is public, we implemented an encryption system based on wallet signatures to ensure data security and privacy. For example, the chat is end-to-end encrypted, and personal data stored on Gun.js is also encrypted, allowing only the wallet holder to decrypt their data.

We use the IPFS protocol for storing images of listings, though this implementation is not yet complete.

The application operates on multiple blockchains, allowing users to register and receive funds on the chain of their choice. For the demo, I have deployed the contract on Base and Optimism, but adding additional chains is straightforward. Since there is no communication between the chains, a malicious user could verify two accounts (addresses) with a single World ID token (once on Base and once on Optimism). We have considered this issue and decided to allow it, but we store the timestamp of registrations. This means that a legitimate user (who has not modified their front end) can easily see that a World ID token has been used twice and judge from the timestamp whether it is a legitimate verification or if the product should not be displayed.

Conclusion:

In conclusion, VeriPay demonstrates how decentralized applications can effectively utilize blockchain technology to create a secure, full-stack solution for peer-to-peer transactions. By leveraging smart contracts, World ID verification, and decentralized data storage, we aim to provide a user-friendly platform that encourages trust and transparency. Our multi-chain support and encryption strategies ensure that users have control over their data and transactions, laying a strong foundation for future developments.