Assura
A compliance layer enabling developers to easily integrate compliance into smart contracts.
Problem Statement
Assura Network is a developer-friendly compliance layer that simplifies regulatory compliance for blockchain applications. Instead of building compliance infrastructure from scratch, developers can integrate Assura in under an hour and immediately enforce programmable compliance rules.

For Developers: Easy Integration

Assura provides a simple, modular approach to compliance:

1. Import the Assura contracts: add a few imports to your smart contract
2. Set your requirements: define minimum scores, expiry times, and chain restrictions
3. Add a modifier: protect your functions with a single modifier
4. Done: compliance is now enforced automatically

No need to build KYC systems, manage user databases, or handle complex compliance logic. Assura handles all of this through its Oasis TEE (Trusted Execution Environment) infrastructure, which evaluates users off-chain and provides cryptographically signed attestations that are verified on-chain.

Core Compliance Features

Assura Network enables three core programmable compliance values that are attested by the Oasis TEE and verified on-chain by your smart contract:

1. Confidence Score

A numeric score between 0–1000 that evaluates a user's wallet activity and identity level. Examples of factors included:

- Whether the user has completed self-based KYC
- Wallet age / when it was funded
- Interaction with privacy protocols
- Interaction with sanctioned addresses
- Optional full video + passport KYC (stored securely and encrypted inside the Oasis TEE, grants the maximum confidence score)

2. Time-Based Bypass

If an app requires a score higher than a user's confidence score and the user does not want to provide more information, Assura introduces a time-based interface where:

- The user's assets are temporarily held inside a smart account owned entirely by the user
- A time-based lock is applied depending on the app's required score
- During this period, funds remain in the user-owned smart account
- After time expires, the signed intent can be executed into the protocol
- Users can also force-withdraw if they choose

This works with any protocol, since the smart account is fully user-owned and Assura only enforces timing rules based on the app's compliance configuration.

3. Expiry

All attestations include an expiry. Once expired, the attestation is no longer valid on-chain and must be refreshed by the user.

Programmable Configuration

All compliance parameters are configured directly in your smart contract, making your application fully programmable from deployment. Assura reads this configuration off-chain before issuing any attestations.

You can define:

- Required app score (minimum confidence level)
- Allowed/blocked country codes (hex format)
- Minimum required time (for time-based bypass)
- Intermediate controlled account (with self custody)
- Other compliance rules

This means your compliance rules are part of your contract's immutable configuration, ensuring consistent enforcement and eliminating the need for centralized compliance management.

Why Use Assura?

For Developers:

- Fast Integration: Add compliance to your app in under an hour
- No Infrastructure: No need to build KYC systems or manage user databases
- Flexible: Configure compliance rules per function or per contract
- Secure: Leverages Oasis TEE for secure, verifiable attestations
- Gas Efficient: Minimal on-chain overhead, most computation happens off-chain
- Optimized Performance: ENS subdomain system enables fast verification for returning compliant users
- Future-Proof: Compliance rules can be updated without redeploying contracts

For Your Users:

- Privacy-Preserving: Users don't need to share sensitive data on-chain
- Flexible Options: Can provide KYC for higher scores or use time-based bypass
- Self-Custody: Users maintain full control of their assets
- Cross-App: Single attestation can be used across multiple Assura-protected apps

Customer Groups

1. Institutions

Institutions can use Assura to offer a verifiable interface for liquidity provision, tokenization of RWAs or stocks, and other financial activity, ensuring that only compliant users can access or trade through their interface.

2. App Builders

App builders can instantly launch compliance-ready applications that only allow specific users to interact with their apps, preventing access from sanctioned regions, hacker groups, or other restricted categories. This removes the need for builders to handle compliance logic themselves.

3. Users

For users, Assura generates attested tax reports that summarize all activity performed with their wallets across both compliant and non-compliant apps, making legal and reporting processes significantly easier.
Solution
Architecture Overview

The Assura system consists of three main components:

- Oasis TEE (Trusted Execution Environment): Off-chain service running on Oasis that evaluates user compliance and signs attestations securely
- AssuraVerifier Contract: On-chain verification contract that validates Oasis TEE signatures and enforces compliance rules
- Application Contracts: Your smart contracts that integrate Assura for compliance protection

```
┌─────────────┐         ┌────────────────┐         ┌─────────────┐
│  Oasis TEE  │         │ AssuraVerifier │         │ Application │
│  (Signer)   │────────▶│    Contract    │◀────────│  Contract   │
└─────────────┘         └────────────────┘         └─────────────┘
       │                        │                         │
       │ Signs                  │ Verifies                │ Enforces
       │ Attestations           │ Signatures              │ Compliance
       │                        │                         │
       └────────────────────────┴─────────────────────────┘
                     User submits compliance data
```

ENS Subdomain System for Compliant User Tracking

Assura uses ENS subdomains with an off-chain resolver to efficiently track users who have already interacted and meet compliance score criteria. This optimization reduces redundant verification and improves user experience.

How It Works:

- Subdomain Creation: When a user successfully interacts with an Assura-protected application and meets the required score criteria, the Oasis TEE creates an ENS subdomain under assuranet.eth for that user
- Off-Chain Resolver: The subdomain uses an off-chain resolver (via Namespace) to store compliance metadata without on-chain gas costs
- Fast Verification: On subsequent interactions, the TEE can quickly check if a user already has a compliant subname, avoiding redundant verification
- Metadata Storage: The subdomain can store text records containing:
  - User's compliance score
  - Last verification timestamp
  - Compliance status flags
  - Other relevant metadata

Benefits:

- Performance: Faster attestation for returning users who already meet score requirements
- Cost Efficiency: Off-chain storage reduces gas costs for compliance tracking
- User Experience: Returning compliant users get instant verification without re-evaluation
- Decentralized: Uses ENS infrastructure for decentralized identity and compliance tracking

Example Flow:

1. User 0x123... interacts with an Assura-protected app with score 750
2. User meets the app's requirement (score ≥ 500)
3. Oasis TEE creates subname 0x123.assuranet.eth with text records indicating compliance
4. On next interaction, TEE checks subname existence and metadata
5. If compliant and score still valid, attestation is issued immediately without full re-evaluation

Core Smart Contracts

1. AssuraVerifier Contract

The main verification contract (AssuraVerifier.sol) provides:

Key Features:

- Verification Data Storage: Each application contract can register verification requirements (score thresholds, expiry times, chain IDs) for specific functions
- Oasis TEE Signature Validation: Verifies that compliance attestations are signed by the authorized Oasis TEE address using EIP-712 or EIP-191 signatures
- Compliance Checking: Validates that user attestations meet the required criteria
- Bypass Entry Management: Automatically creates time-based bypass entries when users have insufficient scores

Key Functions:

```solidity
// Set verification requirements for an app contract
function setVerifyingData(
    address appContractAddress,
    bytes32 key,
    AssuraTypes.VerifyingData memory data
) external;

// Verify compliance data (view function, no state changes)
function verify(
    address app,
    bytes32 key,
    bytes calldata attestedComplianceData
) external view returns (bool);

// Verify compliance with automatic bypass entry creation
function verifyWithBypass(
    address app,
    bytes32 key,
    bytes calldata attestedComplianceData
) external returns (bool);
```

Bypass Mechanism:

When a user's score is insufficient, verifyWithBypass automatically creates a bypass entry:

- Calculates time lock: expiry = block.timestamp + (scoreDifference * 10 seconds)
- Stores bypass entry with expiry timestamp
- User can access after expiry time passes
- Each bypass entry has a nonce for replay protection

2. Data Structures

AttestedData (signed by Oasis TEE):

```solidity
struct AttestedData {
    uint256 score;               // Confidence score (0-1000)
    uint256 timeAtWhichAttested; // Timestamp when attestation was created
    uint256 chainId;             // Chain ID where attestation is valid
}
```

VerifyingData (requirements set by app):

```solidity
struct VerifyingData {
    uint256 score;   // Minimum required score (0 = no requirement)
    uint256 expiry;  // Expiry timestamp (0 = no expiry)
    uint256 chainId; // Required chain ID (0 = any chain)
}
```

ComplianceData (submitted by user):

```solidity
struct ComplianceData {
    address userAddress;                      // The user's address
    bytes32 key;                              // Function selector or verification key
    bytes signedAttestedDataWithTEESignature; // Oasis TEE signature over AttestedData
    AttestedData actualAttestedData;          // The attested data
}
```

BypassData (time-based access control):

```solidity
struct BypassData {
    uint256 expiry; // Timestamp when bypass expires and user can access
    uint256 nonce;  // Nonce for replay protection
    bool allowed;   // Always set to true when created
}
```

3. AssuraVerifierLib Library

The library (AssuraVerifierLib.sol) provides helper functions:

Signature Verification:

- Supports both EIP-712 and EIP-191 signature formats for backward compatibility
- Uses OpenZeppelin's SignatureChecker to support both EOA and smart contract wallets (EIP-1271)

Compliance Checking:

- Validates score requirements
- Checks expiry timestamps
- Verifies chain ID compatibility
- Returns boolean result for easy integration

Helper Function:

```solidity
function requireCompliance(
    IAssuraVerifier verifier,
    address app,
    bytes32 key,
    bytes calldata attestedComplianceData
) internal;
```

This function is designed to be used in modifiers, automatically calling verifyWithBypass and reverting if verification fails.

Verification Flow

1. User Requests Attestation from Oasis TEE:
   - User submits wallet address and desired function/operation
   - Oasis TEE checks for existing ENS subdomain ({address}.assuranet.eth) via off-chain resolver
   - If subdomain exists and user meets score criteria, TEE can issue attestation immediately
   - Otherwise, TEE evaluates compliance factors (KYC status, wallet age, interactions, etc.)
   - Oasis TEE generates AttestedData with score, timestamp, and chain ID
   - If user meets score requirements, TEE may create/update ENS subdomain for future fast verification
   - Oasis TEE signs the data using EIP-712 or EIP-191 format
2. User Prepares Compliance Data:
   - User creates ComplianceData struct with:
     - Their address
     - Function selector (key)
     - TEE signature
     - The attested data
   - Encodes it: bytes complianceData = abi.encode(complianceData)
3. User Calls Application Function:
   - User calls the application function with compliance data
   - Function uses onlyCompliant modifier
4. On-Chain Verification Process:
   - Modifier calls AssuraVerifierLib.requireCompliance()
   - Library calls assuraVerifier.verifyWithBypass()
   - AssuraVerifier:
     - Decodes ComplianceData from bytes
     - Verifies key matches function selector
     - Validates Oasis TEE signature (supports EIP-712 and EIP-191)
     - Validates signer matches ASSURA_TEE_ADDRESS (Oasis TEE address)
     - Checks if bypass entry exists and is valid (expired)
     - If no valid bypass and score insufficient, creates new bypass entry
     - Checks expiry (if set in VerifyingData)
     - Checks chainId (if set in VerifyingData)
     - Validates score meets requirement
   - Returns true if all checks pass, otherwise reverts
5. Function Execution:
   - If verification passes, function executes
   - If verification fails, transaction reverts

NPM Package: https://www.npmjs.com/package/assura-sdk

ASSURA_VERIFIER: "0xf4e351d9ed83b5516b82c044b0e5ee570154010d"
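
The time lock from the Bypass Mechanism list and the zero-means-disabled fields of VerifyingData, modeled off-chain in Python as an added example (this is not Assura's contract code). Signature validation is left out, and the check ordering, the single nonce counter and returning False while the lock is running are assumptions of this model; the addresses, key and timestamps are constructed sample values.

```python
from dataclasses import dataclass

SECONDS_PER_POINT = 10  # page: expiry = block.timestamp + (scoreDifference * 10 seconds)

@dataclass
class Attested:            # mirrors AttestedData (signed by the TEE)
    score: int
    attested_at: int
    chain_id: int

@dataclass
class Required:            # mirrors VerifyingData; 0 disables a check
    score: int = 0
    expiry: int = 0
    chain_id: int = 0

class VerifierModel:
    """Off-chain model of the listed checks; signature validation is out of scope."""

    def __init__(self):
        self.bypass = {}   # (user, app, key) -> BypassData-like dict
        self.nonce = 0     # assumption: one global counter feeds entry nonces

    def verify_with_bypass(self, user, app, key, att, req, now):
        # Assumption: chain and expiry rules always apply; a bypass waives only the score.
        if req.chain_id and att.chain_id != req.chain_id:
            return False
        if req.expiry and now > req.expiry:
            return False
        if att.score >= req.score:
            return True
        entry = self.bypass.get((user, app, key))
        if entry is None:
            self.nonce += 1
            lock = (req.score - att.score) * SECONDS_PER_POINT
            self.bypass[(user, app, key)] = {
                "expiry": now + lock, "nonce": self.nonce, "allowed": True}
            return False   # assumption: access is denied until the lock elapses
        return entry["allowed"] and now >= entry["expiry"]

def demo():
    # Constructed case: the app requires 750, the user is attested at 500.
    v, req = VerifierModel(), Required(score=750, chain_id=1)
    low = Attested(score=500, attested_at=1_000, chain_id=1)
    who = ("0xUser", "0xApp", "deposit")
    first = v.verify_with_bypass(*who, low, req, now=1_000)
    unlock = v.bypass[who]["expiry"]
    early = v.verify_with_bypass(*who, low, req, now=unlock - 1)
    later = v.verify_with_bypass(*who, low, req, now=unlock)
    return first, unlock, early, later
```

A 250-point shortfall locks the user out for 2,500 seconds in this model, after which the same attestation is accepted.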
Hackathon
ETHGlobal Buenos Aires
2025
Prizes
- 🏆 Build with Oasis, 2nd place (Oasis Protocol)
Contributors
- vwakesahu (47 contributions)
- 0xmihirsahu (33 contributions)
- DevSwayam (29 contributions)