Pramanik
Privacy-preserving KYC oracle for DeFi — on-chain identity proof without exposing any personal data
What it is
Pramanik (Sanskrit: प्रामाणिक — "authentic, verified, certified") is a decentralized KYC oracle built on Chainlink CRE that lets DeFi protocols verify user identity on-chain without ever exposing personal data.
The Problem: Public blockchains are transparent by design. Financial regulations (GDPR, MiFID II, FATF) require identity data to remain confidential. These two requirements directly contradict each other — locking institutional capital out of DeFi.
The Solution: Route all KYC verification through Chainlink TEEs (Trusted Execution Environments). Raw identity data is fetched from real KYC providers inside a hardware-isolated enclave. The enclave extracts only { tier, expiresAt } and destroys everything else. Only that minimal result reaches the blockchain. Zero PII ever touches the chain.
How it works:
- User calls KYCGate.sol with their desired jurisdiction
- An EVM log trigger fires a CRE workflow inside a TEE
- The workflow calls a KYC provider API (Jumio/Onfido/mock) via ConfidentialHTTPClient
- extractEligibility() strips all PII — only tier number and expiry exit the enclave
- EligibilityRegistry.sol receives the attestation on-chain
- PermissionedVault.sol (ERC-4626) gates deposits by KYC tier — RETAIL, ACCREDITED, or INSTITUTIONAL
A second cron-triggered CRE workflow runs sanctions screening nightly, revoking attestations for flagged addresses.
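The PII-stripping step above, sketched as an added example (this is not Pramanik's own extractEligibility() code). The provider payload field names, the numeric tier mapping and the sample values are assumptions constructed for illustration.

```typescript
// Added example; payload field names are assumptions, not a real Jumio/Onfido schema.
type Tier = 1 | 2 | 3; // assumed numbering: RETAIL, ACCREDITED, INSTITUTIONAL
interface Eligibility { tier: Tier; expiresAt: number } // expiresAt in unix seconds

// A Map, not an object literal: a tier string such as "constructor" must not
// resolve to an inherited property and slip through validation.
const TIER_BY_NAME = new Map<string, Tier>([
  ["RETAIL", 1], ["ACCREDITED", 2], ["INSTITUTIONAL", 3],
]);

// Builds the result from two validated scalars only. The raw payload is never
// spread, cloned or filtered with `delete`, so a PII field the provider adds
// later cannot reach the output. Any validation failure throws (fail closed).
function extractEligibility(raw: unknown, nowSec: number): Eligibility {
  if (typeof raw !== "object" || raw === null) {
    throw new Error("malformed provider response");
  }
  const r = raw as Record<string, unknown>;

  if (r["status"] !== "APPROVED") throw new Error("verification not approved");

  const tierName = r["tier"];
  const tier = typeof tierName === "string" ? TIER_BY_NAME.get(tierName) : undefined;
  if (tier === undefined) throw new Error("unknown tier");

  const expiresAt = r["expiresAt"];
  if (typeof expiresAt !== "number" || !Number.isInteger(expiresAt) || expiresAt <= nowSec) {
    throw new Error("missing, malformed or already expired expiry");
  }
  return { tier, expiresAt };
}

// Constructed sample response: everything except tier/expiresAt is PII that
// must stay inside the enclave.
const SAMPLE_PROVIDER_RESPONSE = {
  status: "APPROVED",
  tier: "ACCREDITED",
  expiresAt: 1900000000,
  fullName: "Jane Example",
  dateOfBirth: "1990-01-01",
  documentNumber: "X0000000",
  address: { country: "DE" },
};

console.log(JSON.stringify(extractEligibility(SAMPLE_PROVIDER_RESPONSE, 1700000000)));
```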
How it Works
- Smart Contracts: Solidity ^0.8.24, OpenZeppelin 5.x, Hardhat — four contracts: KYCGate.sol, EligibilityRegistry.sol, PermissionedVault.sol (ERC-4626), AttestationSBT.sol (Soulbound Token)
- CRE Workflows: TypeScript + @chainlink/cre-sdk + Bun — two workflows: an EVM log trigger workflow for KYC verification and a cron trigger workflow for nightly sanctions screening
- Encoding: viem 2.x (WASM-compatible, required for CRE environment)
- Validation: Zod 3.x for input sanitization throughout
- Mock KYC API: Express.js 4.x + TypeScript, deployed on DigitalOcean App Platform, simulates Jumio/Onfido/Chainalysis with tiered responses and bearer token auth
- Frontend: Vanilla HTML/JS + ethers.js v6, single-file demo UI with MetaMask integration
- Testnet: Tenderly Virtual TestNet (Mainnet fork, Chain ID 9991)
Created by
- Vansh Chitransh