Last updated 7 months ago
Counterfeit/duplicated QR tickets, bot scalping, and opaque resale destroy trust and revenue. Organizers and fans need one-of-one, policy-guarded tickets with fast, offline-resilient verification.
Mint NFT tickets with transfer rules on Cardano; buyers use ADA; staff scan dynamic QR via a PWA with offline cache. Admin dashboard manages tiers, seat maps, refunds, and optional fair resale.
This is the total amount allocated to CardaPass — Fraud-Proof Event Ticketing on Cardano (NFT).
Please provide your proposal title
CardaPass — Fraud-Proof Event Ticketing on Cardano (NFT)
Enter the amount of funding you are requesting in ADA
88000
Please specify how many months you expect your project to last
8
Please indicate if your proposal has been auto-translated
No
Original Language
en
What is the problem you want to solve?
Counterfeit/duplicated QR tickets, bot scalping, and opaque resale destroy trust and revenue. Organizers and fans need one-of-one, policy-guarded tickets with fast, offline-resilient verification.
Does your project have any dependencies on other organizations, technical or otherwise?
Yes
Describe any dependencies or write 'No dependencies'
Standards: CIP-30 (wallet), CIP-25/68 (NFT metadata). Tooling: Aiken/Plutus V2 (contracts), Mesh/Lucid (client), Playwright (E2E). Infra: Blockfrost/Koios (indexing/APIs), cloud hosting for dashboard + relayer, object storage for media. Optional (future): Atala PRISM / W3C DIDs for identity-bound tickets where required by organizers.
Will your project's outputs be fully open source?
Yes
License and Additional Information
Core contracts, scanner, web dApp, and SDK under MIT (Apache-2.0 acceptable).
Documentation, playbooks, and case studies under CC BY 4.0.
Secrets (API keys) excluded; organizer analytics configs stored off-chain.
Please choose the most relevant theme and tag related to the outcomes of your proposal
Identity & Verification
Mention your open source license and describe your open source license rationale.
We will license all code under MIT and docs/playbooks under CC BY 4.0. MIT ensures broad adoption, easy integration into commercial and community projects, and encourages contributions by removing legal friction. CC BY allows organizers and hubs to freely reuse training materials with attribution. This combination maximizes openness, impact and sustainability, while a Contributor License/DCO process keeps the repo legally clean.
How do you make sure your source code is accessible to the public from project start, and people are informed?
From project start, a public GitHub repo will host skeleton docs, CI templates, roadmap, LICENSE, and CONTRIBUTING guidelines. Commits, releases and CI badges will be visible from day one. Major deliverables (specs, policies, testnet txs) will be published directly in the repo. Progress will be shared via Catalyst updates, GitHub Releases, and social channels. Weekly updates, office-hour calls, and clear issue templates will ensure the community can follow and contribute openly.
How will you provide high quality documentation?
We treat docs as core deliverables (“docs-as-code”). Developer docs: Quickstarts, API refs, contract guides, SDK examples, integration cookbooks. User docs: buyer and organizer guides, door-staff checklists, FAQs, troubleshooting. Hosted on Docusaurus/MkDocs, versioned, and searchable. Reviewed via PR workflow, spell/link-checked in CI, with user-testing feedback loops. Outputs include text, diagrams, and video microlearning, all translated for pilot regions.
Please describe your proposed solution and how it addresses the problem
Centralized PDF/QR systems are easy to clone and hard to police at the door. We replace them with Cardano-native NFT tickets governed by a minting policy that encodes event, venue, time windows, and transfer rules. Each ticket is a one-of-one asset with provenance. Buyers purchase with ADA through the dApp; the NFT lands in their wallet (CIP-30 compatible). A dynamic QR (CBOR payload) links the physical holder, the policy, and the current UTxO state. At entry, staff use our Scanner PWA (Android-first) to validate instantly, even with spotty connectivity thanks to an offline cache and safe relayer fallback that reconcile when online.
Organizers control tiers, seating, refunds/voids, and optional fair resale (allow/deny transfer, resale window, per-wallet caps, royalty share). A self-serve dashboard manages events and exports. An open SDK enables third parties (festivals, DAOs, campus groups) to integrate the contracts without vendor lock-in.
Please define the positive impact your project will have on the wider Cardano community
Real-world utility & growth: CardaPass turns everyday fans into new Cardano wallet users. Every ticket minted, transferred, or scanned is on-chain activity that showcases Cardano’s low fees, security, and composability. This expands daily active wallets and normalizes ADA in consumer contexts.
Reusable public goods: Our contracts, scanner, and SDK are open and documented, so any Cardano community—Catalyst events, SPO meetups, hackathons, university fests, NFT conferences—can deploy fraud-resistant ticketing quickly. This reduces duplicated engineering and accelerates time-to-impact for future builders.
Integrity & trust as a differentiator: Immutable provenance + programmable transfer rules demonstrate Cardano’s EUTxO strengths. Organizers see measurable fraud reduction, transparent resale, and better line throughput; fans see fairness, fewer invalid tickets, and better experiences—all attributable to Cardano, not a black-box vendor.
Ecosystem learning loop: We will publish load-testing data, failure modes, and threat-model updates, helping teams building commerce, identity, or access-control dApps. Our venue playbooks (training, offline ops, reconciliation) translate blockchain into operational success—knowledge the community can reuse.
Adoption pipeline: Two real pilots produce case studies with KPIs (check-in success, scan speed, fraud blocked, organizer NPS). We’ll run a public webinar and push “how-to” templates. Post-launch, our onboarding kit supports additional organizers, growing Cardano’s events footprint organically.
Measurement & sharing:
Quantitative KPIs: #tickets minted; #unique wallets; check-in success ≥95%; scan throughput ≥4/sec/device; resale volume (if enabled); fraud attempts blocked; organizer NPS ≥8/10; cost per ticket vs Web2 baseline.
Qualitative: door-staff and organizer interviews; fan surveys; pilot post-mortems.
Transparency: bi-weekly updates; open dashboards; public repos; recorded demos; a final lessons-learned report.
What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?
Operating model: our team owns product, partnerships, ops, QA, and governance. Specialist development is delivered by contracted experts under milestone-tied statements of work (SoWs) and code-ownership terms. This lets you execute a production-grade build without over-promising in-house dev capacity.
Why our team can deliver despite limited in-house devs:
Clear division of labor: Core team handles discovery, requirements, organizer relations, acceptance criteria, QA sign-off, reporting, and funds governance.
**Contractor bench: **Pre-qualified pool (smart contract/Aiken, frontend, backend/relayer, mobile PWA, security audit, DevOps). Backups are listed in each SoW to avoid single-points-of-failure.
Evidence-based milestones: Every tranche requires code, tests, demos, or live event logs. No “black box” spending.
Quality gates: Unit + property tests (≥95% contract coverage), E2E tests, load tests, and a mini-audit before pilots.
**Risk controls: **Threat model; staged rollout; offline cache + reconciliation; rollback playbooks; legal T&Cs for organizers; incident response plan.
Financial stewardship: Dedicated project accountant, multi-sig treasury for contractor payments, purchase orders per line item, and public expense summaries.
Feasibility validation steps:
Pilot organizers secured before dev freeze; 2) Testnet end-to-end flow; 3) Load test to target throughput; 4) Onsite pilots with reconciliation logs; 5) Post-pilot fixes then public launch.
Milestone Title
Discovery, Product Design, Security & Governance
Milestone Outputs
Signed functional specification (buyer flow, organizer flow, door flow), full data model and CIP mapping (CIP-30, CIP-25/68).
Complete UX: wireframes, accessible UI patterns for buyer, organizer, and scanner app; design system starter.
Comprehensive threat model and abuse matrix (botting, replay attacks, duplicate UTxO, refund fraud) with mitigations.
Minting & transfer policy drafts (time-window, venue-scope, per-wallet caps, resale rules, royalties).
SoWs and vendor shortlist for every contracted role (smart-contracts, frontend, backend/relayer, PWA, security auditor, DevOps). Backup vendors listed.
Public GitHub repo skeleton and CI templates; documentation skeleton (README, CONTRIBUTING, CODE_OF_CONDUCT).
Governance & treasury templates — multi-sig payment flow, milestone payment rules, public reporting cadence.
Pilot agreements MOUs with at least two organizer partners (scope, dates, KPIs)
Acceptance Criteria
Functional spec signed by Project Lead and at least two pilot organizers.
Threat model reviewed and signed by the Technical Program Manager and Security Advisor.
SoWs signed (or conditional LOIs) for all contracted roles, with backup vendors documented.
GitHub repo public with CI badges, issue tracker enabled, issue templates, and an initial commit with skeleton docs.
MOUs with two pilot organizers signed and dates confirmed.
Evidence of Completion
PDF of signed functional spec; Figma links to wireframes; threat model PDF; policy draft; SoW PDFs/LOIs; GitHub repo URL with initial commits; MOU PDFs; screenshot of CI badges and issue tracker.
Delivery Month
2
Cost
13500
Progress
30 %
Milestone Title
Smart Contracts, Tests, Coverage & Security Audit
Milestone Outputs
Production-ready Aiken/Plutus V2 smart contracts (minting policy, transfer enforcement, administrative controls, safe refund/void primitives).
Reference scripts and a clearly defined ticket datum/state model (on-chain data layout).
Full unit & property test-suite (QuickCheck style properties) and automated coverage reports (target ≥95% critical-path coverage).
Test harness and reproducible CI pipeline for contract testing.
Independent third-party mini-security audit (contract-focused) with a prioritized remediation backlog.
On-chain gas/size profiling and testnet deployment scripts (tagged releases).
Updated threat model & runbook after audit remediation.
Acceptance Criteria
Contract release tagged in GitHub with passing CI and test coverage artifacts.
Third-party audit report completed; all critical and high severity findings remediated and re-tested.
Testnet end-to-end script: mint → transfer (if enabled) → wallet receipt → scanability simulated on dev scanner passes.
Documentation: contract README, gas estimates, and developer quickstart.
Evidence of Completion
GitHub release tag link, CI build logs, code coverage reports, audit report (public or redacted as agreed), remediation PRs merged, testnet tx hashes demonstrating flows, contract README and quickstart uploaded.
Delivery Month
2
Cost
28000
Progress
50 %
Milestone Title
dApp, Organizer Dashboard, Relayer & Scanner Beta
Milestone Outputs
Buyer web-dApp (React/Next) with CIP-30 wallet connect (buy flow, checkout, wallet receipt, support for Lace/Eternl/Lace-like wallets).
Organizer admin dashboard (event creation, tiering, seat maps import, pricing, resale rules toggle, exports).
Backend relayer, metadata & webhook services (indexer integration using Blockfrost/Koios), rate-limits, and anti-bot controls.
Android-first Scanner PWA (beta) able to decode dynamic CBOR QR, validate UTxO & policy state, and mark a check-in locally (with reconciliation).
Automated E2E tests and Playwright scripts covering buyer→mint→wallet→scan→reconcile flows.
Initial training materials (ops playbook) and a two-session remote training for pilot staff.
Acceptance Criteria
dApp, admin and relayer deployed to staging with live testnet integration; Playwright E2E green.
Scanner PWA beta runs on test devices and validates tickets from testnet txs.
Anti-bot and rate-limiting mechanisms exercised (simulated attack) and defenses proven.
Ops playbook approved by pilot organizers; two pilot staff training sessions completed.
Evidence of Completion
Staging deployment URLs, Playwright reports, relayer logs, scanner PWA demo recordings, sample seat map export CSV, training attendance sheets, and staging testnet tx hashes.
Delivery Month
2
Cost
23000
Progress
70 %
Milestone Title
Live Pilots, Hardening, SDK, Launch & Reporting
Milestone Outputs
Two real live pilots supported onsite (or hybrid) using mainnet test configuration / soft mainnet release as agreed with organizers.
Pilot analytics dashboards capturing KPIs in real-time (mints, unique wallets, check-ins, scan throughput, fraud attempts blocked).
Hotpatches & hardening sprint completed after pilots; final security re-test passed.
Open-source SDK & sample integrations (Mesh/Lucid wrappers, dev quickstarts, API examples).
Full public launch materials: press kit, explainer video, webinars, organizer onboarding kit and pricing/playbook templates.
Final audited financial report, lessons-learned case-study and public repository releases (contracts, scanner, SDK, docs).
Acceptance Criteria
Pilots achieve pre-agreed KPIs (≥95% check-in success, scan speed targets met, no accepted counterfeits).
Analytics and post-pilot reports delivered; remediation tickets closed within SLA.
SDK documented with at least two sample integrations; GitHub release published.
Final audit and financial reconciliation uploaded and publicly summarized.
Evidence of Completion
On-chain tx hashes, check-in logs, pilot NPS & testimonials, auditor sign-off, GitHub releases with SDK, final report PDF and webinar recordings
Delivery Month
10
Cost
23500
Progress
100 %
Please provide a cost breakdown of the proposed work and resources
Milestone 1 (Months 1–2) — ₳13,500 ADA
Rationale: Honoraria for product lead, partnerships lead and QA lead for focused discovery and partner onboarding.
Rationale: Accessibility-first wireframes, design system starter to ensure consistent multi-language UI.
Rationale: Senior architecture time to design mint/transfer policy, UTxO layout, and failure modes.
Rationale: Ensure organizer contracts, refund flow and privacy obligations are compliant.
Rationale: Hosting, CI templates, pre-commit hooks, reproducible builds from day one.
Rationale: Multi-sig payments, SoW payment rules, public reporting templates.
Rationale: Docs-as-code baseline for public repo, contributor onboarding.
Rationale: Organizer stipends for committing pilot dates and KPIs.
Rationale: Buffer for additional discovery sessions or small tool purchases.
Milestone 2 (Months 3–4) — ₳28,000 ADA
Rationale: Senior contract engineers to implement minting policy, datum, admin controls, and safety checks.
Rationale: Reference scripts and on-chain data layout to minimize on-chain cost and simplify verifiers.
Rationale: QuickCheck-style properties, deterministic CI validation and ≥95% coverage on critical paths.
Rationale: External specialist audit to find logic, replay, and economic edge-case issues.
Rationale: Implement audit fixes and re-run property tests.
Rationale: Dedicated testnet environment + dashboards for developers and pilot organizers.
Rationale: Coordination, PR reviews, and release management.
Rationale: Machine-readable contract docs and diagrams for auditors & integrators.
Rationale: Ensure UI/UX patterns won't block door staff or buyers with disabilities.
Milestone 3 (Months 5–6) — ₳23,000 ADA
Rationale: Fast, offline-capable scanner to validate CBOR QR payloads and check-in.
Rationale: Reliable offline check-ins and later reconciliation with on-chain state to avoid false-positives.
Rationale: Simulate real event conditions and tune scanner & relayer performance.
Rationale: Provide a secure relay for verification, anti-abuse, and reconciliation workers.
Rationale: UX for organizers to create events, import seat maps, and export admissions.
Rationale: Reproducible buyer→mint→wallet→scan test automation.
Rationale: Provide organizers with tested hardware for pilots and for staff training.
Rationale: Ops playbooks, short video guides for door staff and organizers.
Rationale: Travel & per-diem support if in-person assistance is required.
Milestone 4 (Months 7–8) — ₳23,500 ADA
Rationale: Make it trivial for third-parties to integrate CardaPass into any storefront.
Rationale: Reach organizers, hubs, and early adopters with clear materials.
Rationale: Confirm remediation and hardening before public launch.
Rationale: Live onboarding sessions and templates for quick event creation.
Rationale: Rapid fixes and performance tuning based on pilot analytics.
Rationale: Public-facing dashboard and internal M&E outputs.
Rationale: High-quality case study to drive further adoption and Catalyst storytelling.
Rationale: Small audit to confirm funds usage and provide Catalyst with an auditable report.
Rationale: Hosting & API indexing costs for rollout window.
Grand Total (M1 + M2 + M3 + M4) = ₳13,500 + ₳28,000 + ₳23,000 + ₳23,500 = ₳88,000 ADA
How does the cost of the project represent value for the Cardano ecosystem?
Terms and Conditions:
Yes
Amanuel Elias — Project Lead / Product Owner (CBCA): Vision, organizer partnerships, roadmap, acceptance & sign-off, governance, public reporting, and treasury oversight.
A Cardano Blockchain Certified Associate with years of experience in the crypto space. Holds a verified certificate from Udacity in Android Development and Data Analysis. Has been actively engaged in the blockchain ecosystem and the Cardano community through various projects over the years.
Github= https://github.com/amanuelelias
Henos Tefera — Partnerships & Operations Lead: Venue relations, pilot scheduling, staff training logistics, support playbooks, user feedback loops, and organizer onboarding.
A Bachelor of Science in Information Technology. proficient in Python and web development (HTML, CSS, JavaScript). Also has certifications in CS50's Programming with Python and Cisco Certified Network Associate (CCNA).
Suraphel Desalegn— QA & Community Programs: Acceptance criteria, test planning, support desk setup, triage, community comms, knowledge base maintenance.
A Cardano Blockchain Certified Associate(CBCA) with several years of experience in the space. Has been actively involved in the blockchain industry contributing to the ecosystem and engaging in community-driven projects, holds a graduate degree on Business Management.
Contracted Specialists (SoW-based, milestone-paid):
Technical Program Manager: Coordinates all vendors, maintains Gantt/risks, enforces test/security gates and delivery quality.
Smart Contract Engineers (Aiken/Plutus V2): Policy/datum/state design, unit+property tests, reference scripts, audit remediation.
Frontend Engineer: React/Next buyer dApp, CIP-30 wallet flows, admin dashboard, seat maps, accessibility.
Backend/Relayer Engineer: Indexer integration, webhook/metadata services, rate-limits & abuse protection, analytics pipeline, reconciliation jobs.
Mobile/PWA Engineer: Scanner PWA (QR/CBOR), offline cache, device performance optimization, telemetry.
Security Auditor (independent): Mini-audit of contracts and critical flows; re-test after fixes.
DevOps Engineer: CI/CD, monitoring, backups, IaC, cost controls.
Legal & Compliance Advisor: T&Cs, refunds, privacy, venue agreements.
All contractors deliver to acceptance criteria; backups are named in SoWs to avoid single-points-of-failure. Core IP is open-sourced per license.