ShieldRamp
Trustless P2P crypto ↔ INR off-ramp world mini app for India using UPI + Pluto TEE Web Proofs.
Problem Statement
ShieldRamp
A P2P on/off-ramp for Indian users on WorldChain, powered by UPI + Pluto TEE-based Web Proofs.

Overview
ShieldRamp enables verified humans on WorldChain to seamlessly off-ramp crypto into INR via UPI. The system leverages World ID verification to ensure one-human-one-account and Pluto TEE-based Web Proofs to securely prove off-chain UPI payments on-chain.

Flow
Sellers (INR Off-Ramp Providers)
- Open the ShieldRamp Mini App.
- Deposit Worldcoin (WLD) into the on-chain escrow contract.
- Register their UPI ID (for receiving INR payments).
- Earn yield from transaction fees (1.5–2%) + spread buffer (~0.5%) on each off-ramp.

Users (Off-Ramp)
- Must be a verified human via World ID Orb.
- Signal intent to off-ramp (max $500 equivalent per verified human).
- Matched with a Seller from the pool.
- Send INR payment via UPI → Seller’s UPI ID.
- Generate a TEE-based Web Proof via Pluto confirming the payment.
- Submit proof to the escrow contract.
- Escrow releases crypto funds from Seller → User.

Key Features
- ✅ One-Human-One-Account: Enforced via World ID.
- ✅ Trustless Settlement: Users submit proof to escrow to unlock funds automatically.
- ✅ Privacy-Preserving Proofs: Powered by Pluto’s TEE mode.
- ✅ Fair Limits: Max $500 per user to reduce risk.

Tech Stack
- WorldChain for contracts.
- Pluto TEE-based Web Proofs for off-chain → on-chain verification.
- UPI for INR transfers.
- Mini App UI (React/Next.js).

Why ShieldRamp?
- Solves the India-specific on/off-ramp gap.
- Uses verifiable payments without needing custodians.
- LPs earn yield while users get easy fiat exits.
Solution
Client (client/)
- Next.js 15 + React 19 Mini App using @worldcoin/minikit-js and @worldcoin/minikit-react to run inside World App.
- On-device flows:
  - Wallet auth via SIWE: GET /api/nonce issues a cookie-stored nonce, POST /api/complete-siwe verifies with verifySiweMessage.
  - World ID verification via MiniKit.commandsAsync.verify(...) with Orb level, then used to call on-chain registrar.
  - Transactions sent via MiniKit.commandsAsync.sendTransaction(...) directly to WorldChain using ABIs from client/utils/constants.js.
- Contract reads/writes done with viem against worldchain RPC; event history hydrated via getLogs and parseAbiItem.
- Pluto TEE integration with @plutoxyz/frame-js embeds a TEE browser session that automates Amazon Pay history, extracts receipt fields, and produces a signed Web Proof. The proof JSON is fed to the contract through claimFunds.

Smart Contracts (contracts/)
- escrowV1.sol implements the core flow:
  - Sellers deposit WLD using Permit2 (ISignatureTransfer) via depositFunds(permit, details, sig); funds tracked per depositId.
  - Buyers signalIntent(depositId, amount) with 24h expiry and single active intent constraint.
  - claimFunds(input, signature) verifies Pluto attestation on-chain using PlutoAttestationVerifier and transfers WLD to buyer, marking the UPI tx as claimed to prevent replay. Emits rich events for UI history.
  - Sellers can withdrawRemainingFunds for unused liquidity.
- plutoVerifier.sol contains:
  - Verifier, which gates trusted notary addresses and verifies ECDSA signatures over a digest computed from session+script hashes; prevents duplicate proof reuse per-digest mapping.
  - PlutoAttestationVerifier, which reconstructs scriptHash, sessionHash, and digest, checks signer, and returns boolean to escrowV1.
- L2RegistrarWIthWorld.sol (demo): World ID proof gating for username-style registrations; shows how the same MiniKit World ID payload maps to on-chain register(...).

APIs (client/app/api/)
- nonce/route.js: secure nonce cookie for SIWE.
- complete-siwe/route.js: verifies SIWE with @worldcoin/minikit-js.
- verify/route.js: optional server-side World ID cloud verification via verifyCloudProof for off-chain checks.

Notable hacks and learnings
- Used MiniKit’s built-in Permit2 support by passing permit2: [...] in the transaction call while still supplying a placeholder signature arg to match the escrow ABI, simplifying WLD approvals inside World App.
- Robust World ID field extraction in the client tolerates multiple SDK payload shapes and hex-encoded proof packing to ensure compatibility across SDK versions.
- Pluto automation script handles Amazon Pay 2FA via interactive prompts inside the TEE session, scrapes a JSON blob from a data attribute, and proves only the minimal fields required on-chain: paymentStatusTitle, paymentTotalAmount, receiverUpiId, upi_transaction_id.
- Escrow enforces one-active-intent-per-buyer and 24h expiry to mitigate griefing; UPI transaction IDs are tracked on-chain to prevent double-claims.
- Event-driven UI: the app incrementally reconstructs history with viem.getLogs across a moving block window to stay responsive inside a mobile mini app.
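
The claim-time checks described above, as an added off-chain JavaScript model; it is not the project's escrowV1.sol, and every class, method and result name in it is hypothetical. It assumes the signer address has already been recovered from the notary's ECDSA signature, that a successful payment reads 'Completed', that amounts are numeric INR strings, and that the escrow compares receiverUpiId and paymentTotalAmount against the matched seller and intent (the page lists the proven fields but does not show the comparison).

```javascript
// Added illustration, not the project's escrowV1.sol; every name is hypothetical.
const INTENT_TTL_S = 24 * 60 * 60; // 24h intent expiry, as stated on the page

class EscrowModel {
  constructor(trustedNotaries) {
    this.notaries = new Set(trustedNotaries); // allowlisted attestation signers
    this.sellerUpi = new Map();     // depositId -> seller's registered UPI ID
    this.intents = new Map();       // buyer -> { depositId, inrDue, expiresAt }
    this.usedDigests = new Set();   // proof digests already consumed
    this.claimedUpiTx = new Set();  // UPI transaction ids already paid out
  }
  deposit(depositId, sellerUpiId) { this.sellerUpi.set(depositId, sellerUpiId); }
  signalIntent(buyer, depositId, inrDue, now) {
    const cur = this.intents.get(buyer);
    if (cur && cur.expiresAt > now) return 'ACTIVE_INTENT_EXISTS';
    if (!this.sellerUpi.has(depositId)) return 'UNKNOWN_DEPOSIT';
    this.intents.set(buyer, { depositId, inrDue, expiresAt: now + INTENT_TTL_S });
    return 'OK';
  }
  // proof.signer is assumed to be the address already recovered from the
  // notary's ECDSA signature over proof.digest (recovery itself is not modelled).
  claimFunds(buyer, proof, now) {
    const intent = this.intents.get(buyer);
    if (!intent) return 'NO_INTENT';
    if (intent.expiresAt <= now) return 'INTENT_EXPIRED';
    if (!this.notaries.has(proof.signer)) return 'UNTRUSTED_NOTARY';
    if (this.usedDigests.has(proof.digest)) return 'PROOF_REUSED';
    const f = proof.fields;
    if (f.paymentStatusTitle !== 'Completed') return 'PAYMENT_NOT_COMPLETE';
    if (f.receiverUpiId !== this.sellerUpi.get(intent.depositId)) return 'WRONG_RECEIVER';
    // Written as !(>=) so a non-numeric amount (NaN) is rejected, not accepted.
    if (!(Number(f.paymentTotalAmount) >= intent.inrDue)) return 'UNDERPAID';
    if (this.claimedUpiTx.has(f.upi_transaction_id)) return 'UPI_TX_ALREADY_CLAIMED';
    // State changes only after every check has passed.
    this.usedDigests.add(proof.digest);
    this.claimedUpiTx.add(f.upi_transaction_id);
    this.intents.delete(buyer);
    return 'OK';
  }
}

// Constructed sample proof; field values and the 'Completed' status are assumptions.
const SAMPLE_PROOF = {
  signer: '0xNOTARY', digest: '0xD1',
  fields: { paymentStatusTitle: 'Completed', paymentTotalAmount: '1000',
            receiverUpiId: 'seller@upi', upi_transaction_id: 'TX-1' },
};
```

The digest set and the UPI transaction ID set are separate on purpose: a second attestation of the same payment carries a new digest, so only the transaction ID check stops it from being claimed twice.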
Hackathon
ETHGlobal New Delhi
2025
Prizes
- 🏆 Best Mini App, 2nd place (World)
Contributors
- AvinashNayak27 (9 contributions)