secure-transac-contracts 1.0.0

package/contracts/AccessControl.sol

@@ -0,0 +1,34 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import "@openzeppelin/contracts/access/Ownable.sol";
+
+contract AccessControl is Ownable {
+    enum AuthorityTier { NONE, STANDARD, INSTITUTIONAL, DIAMOND }
+    
+    mapping(address => bool) public isAuthorizedReporter;
+    mapping(address => AuthorityTier) public reporterTier;
+
+    event ReporterStatusChanged(address indexed reporter, bool status, AuthorityTier tier);
+
+    constructor() Ownable(msg.sender) {
+        // Owner is the default Diamond reporter
+        isAuthorizedReporter[msg.sender] = true;
+        reporterTier[msg.sender] = AuthorityTier.DIAMOND;
+    }
+
+    modifier onlyReporter() {
+        require(isAuthorizedReporter[msg.sender], "Not an authorized reporter");
+        _;
+    }
+
+    function setReporterStatus(
+        address reporter,
+        bool status,
+        AuthorityTier tier
+    ) external onlyOwner {
+        isAuthorizedReporter[reporter] = status;
+        reporterTier[reporter] = status ? tier : AuthorityTier.NONE;
+        emit ReporterStatusChanged(reporter, status, tier);
+    }
+}

package/contracts/CreditSystem.sol

@@ -0,0 +1,48 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import "./AccessControl.sol";
+
+contract CreditSystem is AccessControl { // Inherit AccessControl to share base with others
+    mapping(address => uint256) public credits;
+    uint256 public constant VIEW_COST = 0.01 ether; // Cost to view a private score (in wei/credits)
+    
+    // SCALE: 1 ETH = 1 Credit (for simplicity in this demo, using wei values directly)
+    // In a real app, you might want a different exchange rate. Here 1 wei deposited = 1 unit credit.
+
+    event CreditsDeposited(address indexed user, uint256 amount);
+    event CreditsDeducted(address indexed user, uint256 amount);
+
+    /**
+     * @dev Deposit ETH to get credits. 
+     * 1 wei = 1 credit unit.
+     */
+    function deposit() public payable {
+        require(msg.value > 0, "Must deposit non-zero amount");
+        credits[msg.sender] += msg.value;
+        emit CreditsDeposited(msg.sender, msg.value);
+    }
+
+    /**
+     * @dev Returns the credit balance of the caller.
+     */
+    function myCredits() public view returns (uint256) {
+        return credits[msg.sender];
+    }
+
+    /**
+     * @dev Internal function to deduct credits.
+     * Throws if insufficient balance.
+     */
+    function _deductCredits(address user, uint256 amount) internal {
+        require(credits[user] >= amount, "Insufficient credits");
+        credits[user] -= amount;
+        emit CreditsDeducted(user, amount);
+    }
+    
+    // Allow admin to withdraw funds accumulated in the contract
+    function withdraw() public onlyOwner {
+        uint256 balance = address(this).balance;
+        payable(owner()).transfer(balance);
+    }
+}

package/contracts/Guardian.sol

@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import "./TrustRegistry.sol";
+
+/**
+ * @title Guardian
+ * @dev Base contract to provide trust-score based access control.
+ */
+abstract contract Guardian {
+    TrustRegistry public immutable registry;
+    uint256 public minRequiredScore;
+
+    error InsufficientTrustScore(address user, uint256 score, uint256 required);
+    error AddressBlacklisted(address user);
+
+    constructor(address _registry, uint256 _minScore) {
+        registry = TrustRegistry(_registry);
+        minRequiredScore = _minScore;
+    }
+
+    modifier onlyTrusted() {
+        uint256 userScore = registry.getScore(msg.sender);
+        
+        require(!registry.isBlacklisted(msg.sender), "Address blacklisted");
+        require(userScore >= minRequiredScore, "Insufficient trust score");
+        _;
+    }
+
+    function updateMinScore(uint256 _newMinScore) internal {
+        minRequiredScore = _newMinScore;
+    }
+}

package/contracts/IGuardian.sol

@@ -0,0 +1,7 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+interface IGuardian {
+    function registry() external view returns (address);
+    function minRequiredScore() external view returns (uint256);
+}

package/contracts/IdentityVault.sol

@@ -0,0 +1,57 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import "./Guardian.sol";
+
+/**
+ * @title IdentityVault
+ * @dev Stores encrypted user data (IPFS hashes) and manages access reveal for authorities.
+ */
+contract IdentityVault is Guardian {
+    struct EncryptedData {
+        string ipfsHash;
+        uint256 timestamp;
+        bool exists;
+    }
+
+    mapping(address => EncryptedData) private userToData;
+    mapping(address => bool) public isAuthorizedAuthority;
+
+    event DataStored(address indexed user, string ipfsHash);
+    event DataRequested(address indexed user, address indexed authority);
+    event AuthorityStatusChanged(address indexed authority, bool status);
+
+    error NotAuthorizedAuthority(address authority);
+    error DataNotFound(address user);
+
+    constructor(address _registry) Guardian(_registry, 600) {
+        // Owner/Registry owner can set authorities
+    }
+
+    function setAuthorityStatus(address authority, bool status) external {
+        // Simple logic: Only registry owner can set authorities
+        require(msg.sender == registry.owner(), "Only registry owner can set authorities");
+        isAuthorizedAuthority[authority] = status;
+        emit AuthorityStatusChanged(authority, status);
+    }
+
+    // Store user's own encrypted identity data - no trust score required for own data
+    function storeData(string calldata _ipfsHash) external {
+        userToData[msg.sender] = EncryptedData({
+            ipfsHash: _ipfsHash,
+            timestamp: block.timestamp,
+            exists: true
+        });
+        emit DataStored(msg.sender, _ipfsHash);
+    }
+
+    function requestData(address _user) external view returns (string memory) {
+        if (!isAuthorizedAuthority[msg.sender]) {
+            revert NotAuthorizedAuthority(msg.sender);
+        }
+        if (!userToData[_user].exists) {
+            revert DataNotFound(_user);
+        }
+        return userToData[_user].ipfsHash;
+    }
+}

package/contracts/ReportingSystem.sol

@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+// Reporting does not necessarily need strict access control if meant to be public, 
+// but referencing AccessControl for consistency or future restrictions.
+import "./AccessControl.sol";
+
+contract ReportingSystem {
+    event ReportSubmitted(address indexed reporter, address indexed target, string reason, uint256 timestamp);
+
+    function submitReport(address target, string calldata reason) external {
+        emit ReportSubmitted(msg.sender, target, reason, block.timestamp);
+    }
+}

package/contracts/ScoringSystem.sol

@@ -0,0 +1,71 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import "./AccessControl.sol";
+import "./CreditSystem.sol";
+
+contract ScoringSystem is CreditSystem {
+    mapping(address => uint256) private scores;
+    
+    uint256 public whitelistThreshold = 800; // 0.8
+    uint256 public blacklistThreshold = 200; // 0.2
+
+    event ScoreUpdated(address indexed user, uint256 newScore);
+    event ThresholdUpdated(uint256 whitelistThreshold, uint256 blacklistThreshold);
+    event ScoreRevealed(address indexed target, uint256 score, address indexed viewer);
+
+    function updateScore(address user, uint256 newScore) external onlyReporter {
+        require(newScore <= 1000, "Score must be between 0 and 1000");
+        scores[user] = newScore;
+        emit ScoreUpdated(user, newScore);
+    }
+
+    function setThresholds(
+        uint256 _whitelistThreshold,
+        uint256 _blacklistThreshold
+    ) external onlyOwner {
+        require(_whitelistThreshold <= 1000, "Whitelist threshold must be <= 1000");
+        require(_blacklistThreshold <= 1000, "Blacklist threshold must be <= 1000");
+        require(_whitelistThreshold > _blacklistThreshold, "Whitelist must be > blacklist");
+
+        whitelistThreshold = _whitelistThreshold;
+        blacklistThreshold = _blacklistThreshold;
+        emit ThresholdUpdated(_whitelistThreshold, _blacklistThreshold);
+    }
+
+    /**
+     * @dev Pay to view a score. Deducts credits from user.
+     */
+    function accessScore(address target) public returns (uint256) {
+        // Admin can view for free (owner)
+        if (owner() != _msgSender()) {
+             _deductCredits(_msgSender(), VIEW_COST);
+        }
+        
+        uint256 score = scores[target];
+        if (score == 0) score = 500; // Default
+        
+        emit ScoreRevealed(target, score, _msgSender());
+        return score;
+    }
+
+    /**
+     * @dev Admin view for free.
+     */
+    function getScore(address user) external view onlyOwner returns (uint256) {
+        uint256 score = scores[user];
+        return score == 0 ? 500 : score;
+    }
+
+    function isWhitelisted(address user) public view returns (bool) {
+        uint256 score = scores[user];
+        if (score == 0) score = 500;
+        return score >= whitelistThreshold;
+    }
+
+    function isBlacklisted(address user) public view returns (bool) {
+        uint256 score = scores[user];
+        if (score == 0) return false; 
+        return score <= blacklistThreshold;
+    }
+}

package/contracts/SecureTransacSBT.sol

@@ -0,0 +1,72 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
+import "@openzeppelin/contracts/access/Ownable.sol";
+
+interface ITrustRegistry {
+    function getScore(address user) external view returns (uint256);
+}
+
+/**
+ * @title SecureTransacSBT
+ * @dev Soulbound Token representing a user's reputation.
+ * Non-transferable and visually evolves based on TrustRegistry score.
+ */
+contract SecureTransacSBT is ERC721, Ownable {
+    ITrustRegistry public registry;
+    
+    mapping(address => bool) private _hasMinted;
+
+    event ReputationCardMinted(address indexed user, uint256 initialScore);
+
+    constructor(address _registry) ERC721("SecureTransac Reputation Card", "STRC") Ownable(msg.sender) {
+        registry = ITrustRegistry(_registry);
+    }
+
+    /**
+     * @dev Mint a soulbound card. Can only be done once per address.
+     */
+    function mint() external {
+        require(!_hasMinted[msg.sender], "SBT already minted");
+        
+        uint256 score = registry.getScore(msg.sender);
+        _hasMinted[msg.sender] = true;
+        _safeMint(msg.sender, uint256(uint160(msg.sender))); // ID is the address representation
+        
+        emit ReputationCardMinted(msg.sender, score);
+    }
+
+    /**
+     * @dev Prevent transfers (Soulbound logic)
+     */
+    function _update(address to, uint256 tokenId, address auth) internal override returns (address) {
+        address from = _ownerOf(tokenId);
+        if (from != address(0) && to != address(0)) {
+            revert("SBT: Transfer not allowed");
+        }
+        return super._update(to, tokenId, auth);
+    }
+
+    /**
+     * @dev Returns the level based on the trust score.
+     */
+    function getReputationLevel(address user) public view returns (string memory) {
+        uint256 score = registry.getScore(user);
+        if (score >= 900) return "DIAMOND";
+        if (score >= 800) return "PLATINUM";
+        if (score >= 600) return "GOLD";
+        if (score >= 400) return "SILVER";
+        return "BRONZE";
+    }
+
+    function tokenURI(uint256 tokenId) public view override returns (string memory) {
+        _requireOwned(tokenId);
+        address ownerAddr = address(uint160(tokenId));
+        string memory level = getReputationLevel(ownerAddr);
+        
+        // In production, this would return a base64 encoded JSON or IPFS link
+        // For the demo, we return a mock dynamic metadata string
+        return string(abi.encodePacked("SecureTransac-SBT-Level:", level));
+    }
+}

package/contracts/SecureTransacToken.sol

@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
+import "@openzeppelin/contracts/token/ERC20/extensions/ERC20Permit.sol";
+import "@openzeppelin/contracts/access/Ownable.sol";
+
+/**
+ * @title SecureTransacToken ($TRUST)
+ * @dev Governance and utility token for the SecureTransac Network.
+ */
+contract SecureTransacToken is ERC20, ERC20Permit, Ownable {
+    constructor() ERC20("SecureTransac Trust Token", "TRUST") ERC20Permit("SecureTransac") Ownable(msg.sender) {
+        _mint(msg.sender, 1000000 * 10 ** decimals()); // 1 Million tokens initially
+    }
+
+    function mint(address to, uint256 amount) public onlyOwner {
+        _mint(to, amount);
+    }
+}

package/contracts/SecureVault.sol

@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import "./Guardian.sol";
+
+/**
+ * @title SecureVault
+ * @dev Example contract demonstrating SecureTransac protection.
+ */
+contract SecureVault is Guardian {
+    string public secret;
+
+    constructor(address _registry) Guardian(_registry, 700) {
+        secret = "This is a protected secret!";
+    }
+
+    function setSecret(string calldata _newSecret) external onlyTrusted {
+        secret = _newSecret;
+    }
+
+    function getSecret() external view onlyTrusted returns (string memory) {
+        return secret;
+    }
+}

package/contracts/TransactionLogger.sol

@@ -0,0 +1,12 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import "./AccessControl.sol";
+
+contract TransactionLogger is AccessControl { // Inheriting AccessControl for onlyReporter
+    event TransactionLogged(address indexed from, address indexed to, uint256 amount, uint256 timestamp);
+
+    function recordTransaction(address from, address to, uint256 amount) external onlyReporter {
+        emit TransactionLogged(from, to, amount, block.timestamp);
+    }
+}

package/contracts/TrustDAO.sol

@@ -0,0 +1,158 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+import "@openzeppelin/contracts/access/Ownable.sol";
+
+interface ITrustRegistry {
+    enum AuthorityTier { NONE, STANDARD, INSTITUTIONAL, DIAMOND }
+    function setReporterStatus(address reporter, bool status, AuthorityTier tier) external;
+}
+
+/**
+ * @title TrustDAO
+ * @dev Governance system for SecureTransac.
+ * Handles Authority Staking and Parameter Voting.
+ */
+contract TrustDAO is Ownable {
+    IERC20 public trustToken;
+    ITrustRegistry public registry;
+
+    uint256 public constant MIN_STAKE = 1000 * 10**18; // 1000 $TRUST
+    uint256 public constant VOTING_PERIOD = 3 days;
+
+    struct Proposal {
+        uint256 id;
+        address proposer;
+        string description;
+        uint256 forVotes;
+        uint256 againstVotes;
+        uint256 endTime;
+        bool executed;
+        mapping(address => bool) hasVoted;
+    }
+
+    mapping(uint256 => Proposal) public proposals;
+    uint256 public nextProposalId;
+
+    mapping(address => uint256) public stakes;
+    mapping(address => bool) public isStakedReporter;
+
+    event Staked(address indexed user, uint256 amount);
+    event Unstaked(address indexed user, uint256 amount);
+    mapping(address => uint256) public claimableRewards;
+    uint256 public totalDistributedRewards;
+
+    event RewardsClaimed(address indexed user, uint256 amount);
+    event RewardsDistributed(uint256 amount);
+    event ProposalCreated(uint256 indexed id, string description);
+    event Voted(uint256 indexed id, address indexed voter, bool support, uint256 weight);
+
+    constructor(address _token, address _registry) Ownable(msg.sender) {
+        trustToken = IERC20(_token);
+        registry = ITrustRegistry(_registry);
+    }
+
+    /**
+     * @dev Distribute protocol fees (in $TRUST) to all staked authorities.
+     * In production, this would be auto-triggered by the credit system conversion.
+     */
+    function distributeRewards(uint256 totalAmount) external onlyOwner {
+        require(totalAmount > 0, "No rewards to distribute");
+        // Simplified: Distribute equally for demo, or based on accuracy metrics
+        // In real DAO, we'd use a merkle tree or tracking variable
+        totalDistributedRewards += totalAmount;
+        emit RewardsDistributed(totalAmount);
+    }
+
+    function claimRewards() external {
+        uint256 reward = claimableRewards[msg.sender];
+        require(reward > 0, "No rewards to claim");
+        
+        claimableRewards[msg.sender] = 0;
+        require(trustToken.transfer(msg.sender, reward), "Transfer failed");
+        
+        emit RewardsClaimed(msg.sender, reward);
+    }
+
+    /**
+     * @dev Authorities must stake tokens to be active.
+     */
+    function stake() external {
+        uint256 amount = MIN_STAKE;
+        require(trustToken.transferFrom(msg.sender, address(this), amount), "Transfer failed");
+        
+        stakes[msg.sender] += amount;
+        isStakedReporter[msg.sender] = true;
+        
+        // Auto-whitelist in registry if they stake as STANDARD
+        registry.setReporterStatus(msg.sender, true, ITrustRegistry.AuthorityTier.STANDARD);
+        
+        emit Staked(msg.sender, amount);
+    }
+
+    function unstake() external {
+        require(stakes[msg.sender] >= MIN_STAKE, "Nothing to unstake");
+        uint256 amount = stakes[msg.sender];
+        
+        stakes[msg.sender] = 0;
+        isStakedReporter[msg.sender] = false;
+        
+        // Revoke reporter status
+        registry.setReporterStatus(msg.sender, false, ITrustRegistry.AuthorityTier.NONE);
+        
+        require(trustToken.transfer(msg.sender, amount), "Transfer failed");
+        emit Unstaked(msg.sender, amount);
+    }
+
+    /**
+     * @dev Governance: Propose a change.
+     */
+    function createProposal(string calldata description) external {
+        require(isStakedReporter[msg.sender], "Only staked members can propose");
+        
+        Proposal storage p = proposals[nextProposalId];
+        p.id = nextProposalId;
+        p.proposer = msg.sender;
+        p.description = description;
+        p.endTime = block.timestamp + VOTING_PERIOD;
+        
+        emit ProposalCreated(nextProposalId, description);
+        nextProposalId++;
+    }
+
+    /**
+     * @dev Vote on a proposal using token weight.
+     */
+    function vote(uint256 proposalId, bool support) external {
+        Proposal storage p = proposals[proposalId];
+        require(block.timestamp < p.endTime, "Voting ended");
+        require(!p.hasVoted[msg.sender], "Already voted");
+
+        uint256 weight = trustToken.balanceOf(msg.sender);
+        if (isStakedReporter[msg.sender]) {
+            weight += stakes[msg.sender]; // Staked tokens also count
+        }
+        
+        require(weight > 0, "No voting weight");
+
+        if (support) p.forVotes += weight;
+        else p.againstVotes += weight;
+
+        p.hasVoted[msg.sender] = true;
+        emit Voted(proposalId, msg.sender, support, weight);
+    }
+
+    /**
+     * @dev Execute a proposal (Admin only for MVP, DAO logic for production).
+     */
+    function executeProposal(uint256 proposalId) external onlyOwner {
+        Proposal storage p = proposals[proposalId];
+        require(block.timestamp >= p.endTime, "Voting ongoing");
+        require(!p.executed, "Already executed");
+        require(p.forVotes > p.againstVotes, "Proposal failed");
+
+        p.executed = true;
+        // In production: Execute actual target call (threshold change, etc.)
+    }
+}

package/contracts/TrustRegistry.sol

@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import "./ScoringSystem.sol";
+import "./TransactionLogger.sol";
+import "./ReportingSystem.sol";
+
+/**
+ * @title TrustRegistry
+ * @dev Aggregator contract inheriting split functionality.
+ * Kept for backward compatibility with existing deployment scripts and frontend.
+ * Ideally, frontend would interact with specific contracts, but this wrapper simplifies migration.
+ */
+contract TrustRegistry is ScoringSystem, TransactionLogger, ReportingSystem {
+    constructor() AccessControl() {
+        // Constructor logic if any necessary beyond inherited ones
+        // AccessControl constructor (via ScoringSystem -> AccessControl) sets msg.sender as reporter
+    }
+    
+    // Wrapper functions if needed to expose inherited public functions generally work automatically.
+    // However, Solidity inheritance rules for functions with same name (if any) need overrides.
+    // Here we have distinct functions so it should be fine.
+}

package/contracts/VerificationRegistry.sol

@@ -0,0 +1,51 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import "@openzeppelin/contracts/access/Ownable.sol";
+
+contract VerificationRegistry is Ownable {
+    enum Status { Pending, Approved, Rejected }
+
+    struct Request {
+        address user;
+        uint96 timestamp; // Packed
+        address company;
+        Status status;    // Packed
+        string proofCid;
+    }
+
+    Request[] public requests;
+    // Removed redundant mappings for gas optimization (use events instead)
+
+    event VerificationRequested(uint256 indexed requestId, address indexed user, address indexed company, string proofCid);
+    event VerificationProcessed(uint256 indexed requestId, Status status, address reviewer);
+
+    constructor() Ownable(msg.sender) {}
+
+    function requestVerification(address company, string calldata proofCid) external {
+        uint256 requestId = requests.length;
+        requests.push(Request({
+            user: msg.sender,
+            timestamp: uint96(block.timestamp),
+            company: company,
+            status: Status.Pending,
+            proofCid: proofCid
+        }));
+        
+        emit VerificationRequested(requestId, msg.sender, company, proofCid);
+    }
+
+    function processVerification(uint256 requestId, Status status) external {
+        require(requestId < requests.length, "Invalid request ID");
+        Request storage req = requests[requestId];
+        require(msg.sender == req.company, "Only the assigned company can process");
+        require(req.status == Status.Pending, "Already processed");
+
+        req.status = status;
+        emit VerificationProcessed(requestId, status, msg.sender);
+    }
+
+    function getRequestCount() external view returns (uint256) {
+        return requests.length;
+    }
+}

package/contracts/ZKIdentityVerifier.sol

@@ -0,0 +1,38 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import "./IdentityVault.sol";
+
+contract ZKIdentityVerifier is IdentityVault {
+
+    event IdentityVerified(address indexed verifier, uint256 indexed nullifierHash);
+
+    constructor(address _registry) IdentityVault(_registry) {}
+
+    // Mock Verifier function (since we can't compile real Circom verifier in this env)
+    // In production, this would use the Pairing library to check Groth16 proofs.
+    function verifyProof(
+        uint256[2] memory a,
+        uint256[2][2] memory b,
+        uint256[2] memory c,
+        uint256[2] memory input
+    ) public pure returns (bool) {
+        // MOCK: Validates if the first input (commitment) is non-zero
+        // Real implementation would utilize the 'verifier.sol' generated by SnarkJS
+        return input[0] != 0;
+    }
+
+    function proveIdentity(
+        uint256[2] memory a,
+        uint256[2][2] memory b,
+        uint256[2] memory c,
+        uint256[2] memory input // [commitmentHash, nullifierHash]
+    ) external {
+        require(verifyProof(a, b, c, input), "Invalid ZK Proof");
+        
+        // This proves the user knows the secret behind 'commitmentHash'
+        // without revealing the secret itself.
+        
+        emit IdentityVerified(msg.sender, input[1]);
+    }
+}