On-chain KYC verification for crowdsales

Muhammad Zaryab

Updated: March 1, 2023

Published: February 6, 2024

“I feel so proud and blessed that I have seen and taken advantage of many great opportunities in this world before millions of people have seen them”

Anuj Jasani


KYC before ICO: KYC is performed before the ICO and all the whitelisted addresses are added into the crowdsale contract.

KYC during ICO: The ICO owner keeps updating the whitelist, as per request, within the duration of the ICO.

KYC using ECRecover: This is the most cost-effective way to whitelist an investor. The ICO owner signs the investor address after the KYC verification and gives this signed data for the investor to include in the transaction.


ECRecover Mechanism

parameter address _to is

Digital signatures are a staple of Public Key Infrastructure that allow anyone to validate the integrity and the source of the signed data. The data is signed using the private key, and the public key is required to validate the signature. The ecrecover function in Solidity takes in hashed data and the corresponding signature and returns the public address of the signer, hence verifying the origin of the signature.

In case of KYC, an owner would verify the identity of a potential contributor either themselves or using a third-party service such as Shufti Pro, Onfido, etc. Once verified, the owner signs the investor’s address and sends it to them. The investor will use this signature when making a contribution to the ICO contract, where this signature will be verified – both where it came from (the owner) and to whom it was addressed (the investor) – before allowing the purchase of tokens.

We'll use the ethereumjs-util library's ecsign function to sign the data, because web3.eth.sign signs data as "\x19Ethereum Signed Message:\n" + message.length + message. Using web3.eth.sign, we cannot recover the actual signed address; we can only get the signer of the data. But we also need the address that was signed, to make sure the intended participant is the one using the signed data.

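// Assumes web3 and EthJS (the ethereumjs-util browser bundle) are already loaded.
// publicAddress is the investor's address; privateKey is the owner's key as a 0x-prefixed hex string.
var checksumAddress = web3.utils.toChecksumAddress(publicAddress);
// Hash the investor's address; this hash is what the owner signs.
var payload = web3.utils.sha3(checksumAddress);
var {v, r, s} = EthJS.Util.ecsign(EthJS.Util.toBuffer(payload), EthJS.Util.toBuffer(privateKey));
// Convert the signature parts into the form passed to the contract call.
var rHex = EthJS.Util.bufferToHex(r);
var sHex = EthJS.Util.bufferToHex(s);
v = Number(v);
// Resulting values:
// v = 28
// r = "0x13f55b8ee0275658b3b5867d4afcce9e042504b71310cf64193dd4a261192fa3"
// s = "0x62a5e7243f5e293fc82910923af672397682ce572c86c76d97248ef860d235f6"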


Next, we try to contribute using the buyTokens function of the contract.

ContractInstance.methods.buyTokens(checksumAddress,v,rHex,sHex).encodeABI()

We use MetaMask to send the transaction to the contract, with the signature and the signed data in the data field.

The transaction is successfully executed. Next, we use the same signed data from another account.
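The contract-side check that this walkthrough relies on, as an added example that is not the article's own contract. Only buyTokens and _to come from the page; every other name is an assumption, and the digest assumes web3.utils.sha3 hashes the 0x-prefixed address as 20 raw bytes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the article's contract. Names other than buyTokens and
// _to are assumptions; token accounting is reduced to a wei counter.
contract KycCrowdsaleSketch {
    address public immutable kycSigner;          // key that signs approved addresses
    mapping(address => uint256) public contributed;

    // Upper bound for s that rules out the malleable "high-s" twin signature.
    uint256 private constant HALF_ORDER =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    constructor(address _kycSigner) {
        require(_kycSigner != address(0), "signer unset");
        kycSigner = _kycSigner;
    }

    function isApproved(address _to, uint8 v, bytes32 r, bytes32 s)
        public view returns (bool)
    {
        if (v != 27 && v != 28) return false;
        if (uint256(s) > HALF_ORDER) return false;
        // Same digest the signing script produces: keccak256 over the
        // 20 raw address bytes, with no "\x19Ethereum Signed Message" prefix.
        bytes32 digest = keccak256(abi.encodePacked(_to));
        address recovered = ecrecover(digest, v, r, s);
        // ecrecover returns address(0) on a malformed signature, so compare
        // against a signer that the constructor guarantees is non-zero.
        return recovered == kycSigner;
    }

    function buyTokens(address _to, uint8 v, bytes32 r, bytes32 s)
        external payable
    {
        // Binding check: the signed address must be the caller, otherwise
        // anyone who sees the signature in a transaction could reuse it.
        require(_to == msg.sender, "signature issued to another address");
        require(isApproved(_to, v, r, s), "not KYC approved");
        require(msg.value > 0, "no ether sent");
        contributed[_to] += msg.value;
    }
}
```

Because the signed payload is only the investor's address, the same signature is accepted by any contract that trusts the same signing key; a signer key reused across sales would need the contract address included in the hash.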


Conclusion:

We have successfully implemented the on-chain KYC mechanism, which allows investor whitelisting without extra gas fees on either side – the investor or the owner.
