CRERIS

CRERIS is a privacy-first payment bridge that lets anyone pay QRIS merchants with crypto. Users scan any QRIS code, deposit ETH/USDC/USDT on Base Sepolia (or cross-chain via CCIP), and Chainlink CRE oracles automatically settle the fiat payment to the merchant. Zero merchant data ever touches the blockchain.

The problem: Indonesia's national QR payment standard (QRIS) connects 42 million merchants, but there's no way to pay them with crypto. Existing bridges expose merchant data on-chain, leak payment amounts, and require manual settlement.

How it works:

1. User scans a QRIS code with their phone camera
2. The QRIS content is encrypted (AES-256-GCM) and stored on a relay server
3. User deposits crypto to the vault contract on Base Sepolia
4. The contract emits a PaymentDeposited event with only hash commitments
5. CRE oracles pick up the event, validate the deposit on-chain, fetch the encrypted QRIS, get a live forex rate via median consensus, and settle fiat to the merchant inside a TEE via ConfidentialHTTPClient
6. A DON-signed confirmation hash is written on-chain
7. The user sees a privacy proof: on-chain hashes vs local-only merchant details

No merchant names, no payment amounts, no QRIS data ever appear on the blockchain. Failed settlements are automatically retried by a CRE cron trigger every 10 minutes. A second cron publishes a custom Proof of Reserve feed with vault solvency data.

Four independent modules, all using Bun as runtime:

• Frontend (TanStack Start, React 19, Wagmi 3, RainbowKit, HeroUI, Tailwind 4): 5-step payment flow with QR scanning, wallet connection, deposit tracking, CRE settlement progress, and a split privacy proof view. Includes a live Proof of Reserve dashboard.
• Backend (Fastify, Bun, Prisma): Handles QRIS parsing (EMV TLV), AES-256-GCM encryption, encrypted relay storage, DOKU SNAP API integration for fiat settlement, and CRE audit trail endpoints. Bearer token auth for relay access.
• Smart Contracts (Solidity 0.8.20, Foundry, OpenZeppelin): QRISPayVaultV2 on Base Sepolia accepts ETH/USDC/USDT deposits and cross-chain CCIP deposits, uses Chainlink Price Feeds for valuation, and receives DON-signed settlement reports via KeystoneForwarder. CRERISProofOfReserve stores vault solvency data. CRERISCCIPSender on Ethereum Sepolia enables cross-chain deposits.
• CRE Workflow (@chainlink/cre-sdk, TypeScript, Viem): Single 812-line workflow with 3 handlers using 20+ CRE capabilities. LogTrigger for real-time settlement, two CronTriggers for auto-retry and Proof of Reserve. Uses ConfidentialHTTPClient for TEE-protected settlement, VaultDON secrets, ConsensusAggregationByFields, consensusMedianAggregation, callContract, filterLogs, balanceAt, writeReport, and more.

Chains: Base Sepolia (vault, PoR) and Ethereum Sepolia (CCIP sender). All contracts verified on Basescan/Etherscan.