[2510] Grant Proposal - Self Sovereign Identity (SSI) sandbox rootstock integration, maturity and alpha launch

1. Project Name & Description
   SSI Sandbox Rootstock Integration, maturity and alpha launch.
   The project aims to extend the current Self-Sovereign Identity (SSI) sandbox into the Rootstock blockchain ecosystem.
   The sandbox is very much advanced: It already demonstrates SSI capabilities (issuance, validation, storage), and this integration will migrate CID storage from centralized MySQL to Rootstock smart contracts, enabling a truly decentralized identity infrastructure.
   All these features are available for the community to test.
   These architecture is valid for many use cases, other use cases will require different architectures

2. Team Background
   The IOV Foundation (IOVF. org) brings together a multidisciplinary team with deep expertise in technology, blockchain, digital identity, and sustainable development.

   • Members have led digital transformation projects with multilateral organizations, governments, NGOs, and private companies.

   • The team includes pioneers in Bitcoin and smart contracts in Latin America, leaders in self-sovereign identity, and specialists in social and territorial programs.

   • This unique mix bridges decentralized innovation with real-world community challenges, aligned with the UN Sustainable Development Goals (SDGs).

   IOV Foundation’s mission is to ensure every individual has the tools and autonomy to unlock their full potential through decentralized technologies.

   Project Leader - Agustin Pandolfini - Head of Social impact

   https://www.linkedin.com/in/agustin-pandolfini-35842719bx

   Technical Consultant

   https ://www.linkedin.com/in/manuel-rico-molina/

3. Total Grant Amount
   37,500 total requested across four milestones
   Requesting $12,500 for Milestone 1

4. Milestone 1 Deliverables
   Testnet launch with Rootstock integration.
   Smart contract design + deployment for CID storage.
   Budget: New architecture and Web3 development
   KPIs:
   Smart contract deployed to Rootstock testnet.
   CID written/read cycle functional.

   Budget: Architecture, infrastructure, and web2 development ($7.500), Smart contract development ($5.000)

5. Milestone 2 & 3
   Milestone 2 Deliverables (1 month – $12,500)

   • Security Audit of Rootstock smart contracts

   • Remediation and optimization of audit findings.

   KPIs:

   • Audit completed and report published.

   • Smart contract updated per findings.

     Budget: $10,000 (audit), $2,500 (development hours for fixes and testing).

   Milestone 3 Deliverables (2 months – $5,000)

   • Mainnet launch of the Rootstock-enabled SSI sandbox.

   • Backend API adapted to interact with Rootstock.

   • Issuer and Validator APKs tested against Rootstock testnet.

   • Demo credential issuance + validation flow working end-to-end.

   • Infrastructure set-up for production readiness (Amazon + web2 services).

   KPIs:

   • CID storage functional on Rootstock mainnet.

   • Issuer and Validator APKs operational on mainnet.

   Budget: Web2 integration; Infrastructure (AWS, IPFS, DHT, gas costs)

   Milestone 4 Deliverables (3 months – $7,500)

   • User adoption phase
     Focused on accessibility, documentation, and SSO integration.
     Publish comprehensive guides for developers and institutions.
     Improve onboarding flows for community use cases.
     KPIs:
     Documentation and SSO integration live
     At least 2 external developers/institutions onboarded as pilot adopters.

6. **Timeline
   **
   Month 1: Milestone 1 – Testnet launch.

   Month 2: Milestone 2 – Security audit.

   Month 3: Milestone 3 – Mainnet launch.

   Months 5–8: Milestone 4 – User adoption & SSO integration.

7. **Technical Specs
   **
   Smart Contract Layer: Rootstock EVM-compatible contracts for CID storage.

   Storage: Credentials encrypted → stored on IPFS (Pinata); CID anchored on Rootstock.

   Identity Layer: DIDs published to DHT (Web5 tech); DWN server for optional off-chain storage.

   Apps: Issuer and Validator Android APKs already functional.

   Backend: Node.js services to orchestrate credential issuance & validation.

8. **Value Prop for Rootstock
   **
   Demonstrates Rootstock as a blockchain for decentralized identity, beyond finance.

   Bridges DeFi + Identity, enabling new use cases like verifiable credentials for financial inclusion.

   Provides an open-source reference implementation for developers, wallets, and institutions.

   Aligns Rootstock with the global SSI movement and Web5 identity standards.

9. **Demo and GitHub repo

   Flow

   IDA-Ciudadano apk (on link below) is the android app for the holder
   Issuer web page (on link below) is the issuer (approver)
   IDA-Verificador apk (on link) below is the verifier

   Github:** GitHub - IOV-Foundation/identity: Decentralized identity for governments and organizations.

   Ready for test APK:
   SSI APKs - Google Drive

   Issuer
   https://ida-emisor.vercel.app

10. Video Pitch:
    https://drive.google.com/file/d/1RmjJSk0uY3wEjg83sZ3aCsR4hNebRt5s/view?usp=

Adding screens

Our issuer app (to submit requests)

IDA-Issuer-1540×1170 33.5 KB

Issuer app

IDA-Issuer-2540×1170 18.9 KB

Issuer portal (for approvals)

Issuer-Portal1106×691 128 KB

Fixed video pitch

Agus, link yo your profile in LinkedIn is broken. And no link for Manu Rico.

Would also help you share more info about IOV.

Also examples of use cases for this tech.

It would be important to clarify whether this development will be completely open source, allowing any project to use it freely.

Is there a business model behind this for the IOV Foundation?

Are you planning to monetize it in any way, or is it simply about building open foundational infrastructure that other projects can use at no cost?

Additionally, if the goal is to provide this technology as a base layer without being direct users yourselves, it would be helpful to know whether you’ve already identified any project that plans to make use of it on Rootstock.

Manu, thank you very much for your time and for your thoughtful questions — they help us provide more clarity and depth to our proposal.

The project we are presenting builds upon the work developed by the IOV Foundation (IOVF.org) in the field of Self-Sovereign Identity (SSI). Over the past twelve months, the foundation has been dedicated to designing and developing its SSI infrastructure, including a web platform for issuing and managing verifiable credentials and two mobile applications for credential request and verification.

We see this as both a major responsibility and an exciting opportunity: taking forward a product that already has a strong foundation and connecting it to the Rootstock ecosystem to expand its adoption and real-world use.

We have also established a partnership with a civil association in northern Argentina that works with rural producers developing a traceability tool. The credentials created within this project will be used to verify the identity and data of producers, strengthening transparency and trust in local processes. Additionally, this SSI tool can be implemented by governments for citizen identity management, or by organizations in sectors like health, education, and social services for secure information exchange. The system is open source, allowing any project to use it freely, and our long-term goal is to have it recognized as a Digital Public Good.

Our technology is open sourced, public github repository plus verified smart contracts. Our approach to sustainability is based on charging for implementation and infrastructure usage for institutions that need it, never for data. Our value proposition lies in simplifying adoption — enabling governments and organizations to deploy secure, scalable, and interoperable digital identity solutions from day one.

Finally, we want to clarify that this project will be presented and executed directly by us — Agustín Pandolfini and Manuel Rico Molina.
We are two entrepreneurs with deep technical backgrounds and a shared mission: to use technology to expand inclusion and opportunity. I (Agustín) previously worked at both the IOV Foundation and Rootstock (back when it was still called IOV), always focused on using open infrastructure to empower vulnerable communities. Manuel brings strong experience in technology development and innovation management, ensuring solid technical leadership throughout the implementation.

Together, we are confident that this initiative truly embodies the Rootstock Collective’s spirit — creating open, collaborative, and socially impactful technology.

This are the links for our profile in LinkedIn:

• https://www.linkedin.com/in/manuel-rico-molina/

- https://www.linkedin.com/in/agustin-pandolfini-35842719b**/**

Digital IDs are deffinitely an interesting blockchain application that hasn’t yet shined, but I believe they still will.
(Remember when Cardano was supposed to have revolutionized Africa with it’s digital ID?)

I just feel the values are a little erring on the high side, at $37.5k total, and $12.5k for M1.
Any chance you can redesign it as a more streamlined MVP approach, at less than $30k total and less than $10k for M1?

Hi Chrono! Thanks for your interest in our proposal!
I do remember when Cardano was to revolutionaize Africa

Sovereign IDs we believe are a strong component in a descentralized future, and the basis of other important projects like digital reputation.

As for the values, yes we can accommodate, keep in mind we have a smart contract audit included, which is costly.

Here our revised plan
Total Grant Amount
30,000 total requested across four milestones
Requesting $10,000 for Milestone 1
Milestone 1 (1 month - $10,000)
Deliverables
Testnet launch with Rootstock integration.
Smart contract design + deployment for CID storage.
Budget: New architecture and Web3 development
KPIs:
Smart contract deployed to Rootstock testnet.
CID written/read cycle functional.

Budget: Architecture, infrastructure, and web2 development ($6.000), Smart contract development ($4.000)
Milestone 2, 3 & 4
Milestone 2 Deliverables (1 month – $11,500)
Security Audit of Rootstock smart contracts
Remediation and optimization of audit findings.
KPIs:
Audit completed and report published.
Smart contract updated per findings.
Budget: $10,000 (audit), $1,500 (development hours for fixes and testing).
Milestone 3 Deliverables (2 months – $4,000)
Mainnet launch of the Rootstock-enabled SSI sandbox.
Backend API adapted to interact with Rootstock.
Issuer and Validator APKs tested against Rootstock testnet.
Demo credential issuance + validation flow working end-to-end.
Infrastructure set-up for production readiness (Amazon + web2 services).
KPIs:
CID storage functional on Rootstock mainnet.
Issuer and Validator APKs operational on mainnet.
Budget: Web2 integration; Infrastructure (AWS, IPFS, DHT, gas costs)
Milestone 4 Deliverables (3 months – $4,500)
User adoption phase
Focused on accessibility, documentation, and SSO integration.
Publish comprehensive guides for developers and institutions.
Improve onboarding flows for community use cases.
KPIs:
Documentation and SSO integration live
At least 2 external developers/institutions onboarded as pilot adopters

I believe the main challenge for Self-Sovereign Identity (SSI) lies not in the technology itself, its value and potential are well understood, but in driving user adoption, as the process can often feel complex for end users. Do you have any plans to make the experience more accessible or user-friendly?

You’ve already provided some clarity to @Manu regarding the business model, but could you please elaborate further on how the charges for implementation and infrastructure usage would work in practice?

And regarding adoption, as mentioned in milestone 4, have you already engaged in discussions with any potential pilot adopters or partners who could help validate the system in operational environments?

Hi @Curia thanks for your feedback!

Our current sandbox already offers its basic services with total abstraction from the underlying technology. We have two working application (you can download the apks and test them) one to submit requests, and another to verify approved credentials. We also offer a portal to approve the requests. The sandbox one is https://ida-emisor.vercel.app/

Our technology is open to the community. We include in our project milestones to create the documentation necessary to make use of the technology. We will charge institutions that request ourselves to do that work. To install and customize their infrastructure. Charges will vary depending on the size and complexity of the implementation.

About adoption, yes! We are in advanced discussion to implement this with a civil association in northern Argentina that works with rural producers developing a traceability tool. The credentials created within this project will be used to verify the identity and data of producers, strengthening transparency and trust in local processes. Let me know if you want more details on this.

We can elaborate any of these points if necessary.

Regards!

Hello @mrmtech I was watching your video pitch where you say that your team has worked with governments, international organizations, and NGOs. Can you please provide links to case studies and/or live products of this past work? Thank you.

Hi 404Gov!

The product we are currently presenting stems from the experience of having developed and been part of two key initiatives: the DiDi initiative (https://didi.org.ar/) and the initiative that currently operates in the City of Buenos Aires (https://buenosaires.gob.ar/innovacionytransformaciondigital/quarkid). Furthermore, it is based on the experience acquired during the implementation of DiDi in the Carlos Mujica neighborhood (CABA) and in the province of Santiago del Estero. We were also in negotiations with the Government of Gibraltar regarding the issuance of driving licenses. Finally, we received funding from CAF (https://www.caf.com/) for the development of this tool and the generation of a document on Self-Sovereign Identity (SSI) (Empowering Latin America: The Launch of the Self-Sovereign Identity (SSI) Guide - IOV Foundation). All this background helps us understand the value of incorporating blockchain into the tool and how to create a product for easy implementation. Therefore, we are going to conduct a new pilot program with an NGO to begin implementing this solution.

If you want more details let us know!

After careful consideration, we decided to support this proposal. It’s well structured, the values have been slightly reduced per our suggestion, the milestones make sense.
The team is serious, and has shown good engagement with governments and institutions to look for initial adoption.
Blockchain IDs are an age-old tale, with many large projects having tried to tackle this, but we think it still remains a blockchain application with high potential yet to be conquered.
We consider this a mid/high risk, but with a high upside result for the ecosystem in case they succeed.

Thank you @mrmtech , thank you so much for your M1 report, it looks good! As Tane already noted on your report post , keep all your reports and updates on this thread, so it allows for ease of following the project with the latest information.

We’re looking forward to your results of your security audit report for Milestone 2. Thanks for the update!

Thanks Dao! Adding our update here now

Executive Summary

Milestone 1 of our Rootstock SSI integration grant is complete. We migrated DID-to-CID storage from centralized MySQL to Rootstock blockchain smart contracts, enabling a truly decentralized identity infrastructure.

Milestone 1 Deliverables (All Complete)

1. Smart contract deployed to Rootstock testnet
2. CID written/read cycle functional
3. Backend integration with dual-write mechanism
4. Citizen app backendless discovery implemented
5. Comprehensive documentation and testing

Test it yourself!!!

You can test the end-to-end flow (citizen → request → issuer approval) using the Android APK and issuer web portal.

1. Download and install the Android APK

   • Expo build: https://drive.google.com/drive/folders/1om5-sS0i_dtJCSOfv_nfR1GV91CI2tJ9?usp=sharing

2. Open the app and create your DID

   • Tap Crear DID
   • You should see the IDA demo welcome screen (e.g., “Bienvenidos a IDA DEMO”) and your identity initialized

3. Go to “Credenciales”

   • Open the bottom tab Credenciales

4. Submit a credential request with a photo

   • Create a new request and attach a photo when prompted
   • Submit the request

5. Approve the request in the issuer portal

   • Open the issuer page: https://main.d1fkse5la21xp8.amplifyapp.com/
   • Find your pending request and approve it

High-Level Architecture (Apps → Backend → Web5 / Web3 / Web2)

                 ┌───────────────────────────────┐
                 │            Users              │
                 └───────────────┬───────────────┘
                                 │
          ┌──────────────────────┼──────────────────────┐
          │                      │                      │
┌──────────────────────┐  ┌──────────────────────┐  ┌──────────────────────┐
│ IDA-Ciudadano App    │  │ IDA-Verificador App  │  │ IDA-Emisor Web       │
│ (mobile)             │  │ (mobile)             │  │ (web)                │
└───────────┬──────────┘  └───────────┬──────────┘  └───────────┬──────────┘
            │                         │                         │
            └───────────────┬─────────┴─────────┬───────────────┘
                            │  HTTPS / API calls │
                            v
              ┌────────────────────────────────────────┐
              │ Identity Backend (NestJS API)           │
              │ - Issues credentials                    │
              │ - Maintains manifests                   │
              │ - Dual-write DID → manifestCID          │
              └───────────────┬───────────┬────────────┘
                              │           │
               ┌──────────────┘           └───────────────┐
               v                                          v
     ┌───────────────────────┐                 ┌────────────────────────┐
     │ Web5 DHT Node / Relay │                 │ Web2 DB (MySQL)        │
     │ (DID publish/resolve) │                 │ (did_cids, manifests   │
     └───────────────────────┘                 │  outbox, etc.)         │
                                               └────────────────────────┘
                              ^
                              │ Web3 (ethers)
                              │
                 ┌───────────────────────────────────────┐
                 │ Rootstock (Web3 Smart Contract)        │
                 │ DidManifestRegistry: didKey → CID      │
                 └───────────────────────────────────────┘

1. Smart Contract Deployment

Contract Details

Contract Name: DidManifestRegistry
Network: Rootstock Testnet (Chain ID: 31)
Contract Address: 0x657b5B93e07Add7B0dA58043B68f5Ddc57af467F
Deployer Wallet: 0x799f8c5124e8c6C4Ec19b5314be2a214E05f4Be5
Status: Deployed and Verified on Blockscout

Verification

The contract has been deployed and verified on Rootstock Testnet. The verified source code and contract interactions are available on Blockscout at the address above.

Contract Interface

The DidManifestRegistry contract provides the following functionality:

Write Functions (Owner Only)

setManifestCid(bytes32 didKey, string calldata manifestCid)

• Stores a single DID-to-ManifestCID mapping
• Access: Only contract owner
• Gas Usage: Approximately 87,000
• Emits: ManifestCidSet event

setManifestCidsBatch(bytes32[] calldata didKeys, string[] calldata manifestCids)

• Stores multiple DID-to-ManifestCID mappings in a single transaction
• Access: Only contract owner
• Gas Usage: Approximately 87,000 per mapping
• Emits: ManifestCidSet event for each mapping

Read Functions (Public)

getManifestCid(bytes32 didKey) → string

• Retrieves the manifest CID for a given DID
• Access: Public
• Gas Usage: Free (view function)

Key Implementation Details

DID Key Derivation: The contract uses keccak256(didUri) as the key for storage, providing deterministic lookups while maintaining privacy.

Real Transaction Example:

• DID: did:dht:9i67u463xbtp8rz58h5yrz5j684ghsxzw5st4ij7ugg8n7qrsaco
• Transaction Hash: 0x86f469e8ed3e22b33558a36c5fe54cfa99b25c0488692ba079a89f4214d6f6d6
• Manifest CID: QmfMQfrdXLw82GjxJaJZMdkZvttYrwXp6BXD79PJZ5VAB9
• Block Number: 7253369
• Gas Used: 86,999

You can verify this transaction on Blockscout: View Transaction

The manifest can be retrieved from IPFS: View Manifest

Smart Contract Features

1. Efficient Storage: Uses keccak256 hashing for deterministic lookups
2. Gas Optimized: Uses calldata for string parameters (approximately 40% gas savings)
3. Event Logging: Emits ManifestCidSet events for off-chain indexing
4. Batch Operations: Supports batch writes for multiple DIDs
5. Access Control: Only contract owner can write, preventing unauthorized modifications

2. Backend Integration

Architecture Overview

The backend implements a dual-write pattern where DID-to-ManifestCID mappings are written to both:

1. MySQL database - For immediate consistency and backend queries
2. Rootstock blockchain - For decentralization and transparency

Integration Flow

The credential issuance process has been enhanced with blockchain integration:

1. Issue JWT Credential (signed with issuer DID)
2. Upload to IPFS via Pinata (credentialCID returned)
3. Update Manifest and Upload (manifestCID returned)
4. Write to MySQL (immediate, synchronous)
5. Write to Rootstock (async, non-blocking)
6. If blockchain write fails, queue in outbox for retry

End-to-End Flow (Issuance + Dual-Write + Backendless Discovery)

ISSUANCE (backend)
──────────────────────────────────────────────────────────────────────────────
IDA-Emisor Web / issuer operator
          │
          v
Identity Backend (issueCredential)
  │ 1) Create VC/JWT
  │ 2) Encrypt + upload credential -> IPFS => credentialCID
  │ 3) Update manifest JSON + upload -> IPFS => manifestCID
  │ 4) Persist to MySQL (did_cids / manifests)
  │ 5) Non-blocking enqueueOrWriteManifestCid(didUri, manifestCID)
  │        │
  │        ├─ success -> Rootstock: setManifestCid(didKey, manifestCID)
  │        └─ failure -> MySQL outbox: web3_manifest_outbox (retry worker)
  v
(issuance returns without waiting on chain confirmation)

DISCOVERY (client)
──────────────────────────────────────────────────────────────────────────────
IDA-Ciudadano App
  │ 1) didKey = keccak256(didUri)
  │ 2) Rootstock: getManifestCid(didKey) -> manifestCID
  │ 3) IPFS gateway: GET /ipfs/{manifestCID} -> manifest JSON -> credentialCIDs
  │ 4) Fetch credentials by CID (and decrypt via backend in current phase)
  v
Display credentials in the app

Testbet Logs

The following logs demonstrate successful Rootstock integration in testnet:

Initialization:

[2026-01-17T20:21:10.419Z] [Web3RegistryService] debug: 
  Wallet address: 0x799f8c5124e8c6C4Ec19b5314be2a214E05f4Be5, 
  balance: 0.000485526677974388 RBTC

[2026-01-17T20:21:10.419Z] [Web3RegistryService] info: 
  Web3Registry initialized for Rootstock testnet 
  (chainId: 31, contract: 0x657b5B93e07Add7B0d...)

Testnet Transaction:

[2026-01-18T00:00:38.513Z] [Web3RegistryService] info: 
  Enqueueing Rootstock write: 
  didKey=0x05d956541fe56d0f438e7e18587fa8140acab9b1a7ce8805f073b9b453d2c50a, 
  manifestCid=QmfMQfrdXLw82GjxJaJZMdkZvttYrwXp6BXD79PJZ5VAB9

[2026-01-18T00:00:38.514Z] [Web3RegistryService] info: 
  Sending tx to Rootstock: 
  didKey=0x05d956541fe56d0f438e7e18587fa8140acab9b1a7ce8805f073b9b453d2c50a, 
  manifestCid=QmfMQfrdXLw82GjxJaJZMdkZvttYrwXp6BXD79PJZ5VAB9

[2026-01-18T00:00:39.085Z] [Web3RegistryService] info: 
  Tx sent: hash=0x86f469e8ed3e22b33558a36c5fe54cfa99b25c0488692ba079a89f4214d6f6d6, 
  nonce=1, chainId=31

[2026-01-18T00:00:55.502Z] [Web3RegistryService] info: 
  Tx confirmed: hash=0x86f469e8ed3e22b33558a36c5fe54cfa99b25c0488692ba079a89f4214d6f6d6, 
  block=7253369, status=1, gasUsed=86999, chainId=31

3. Outbox and Retry Mechanism

To ensure reliability and non-blocking issuance, we implemented an outbox pattern with a retry worker.

Database Migration

Created web3_manifest_outbox table for failed transaction tracking with the following schema:

• id - Unique identifier (UUID)
• did_uri - The DID URI (indexed)
• did_key - The keccak256 hash of the DID URI (indexed)
• manifest_cid - The IPFS CID of the manifest
• status - Transaction status: pending, sent, confirmed, or failed (indexed)
• tx_hash - Transaction hash once sent
• attempts - Number of retry attempts
• last_error - Error message from last attempt
• next_attempt_at - Timestamp for next retry (indexed)
• created_at, updated_at - Timestamps

Retry Strategy

The retry worker runs every 2 minutes and processes pending transactions with exponential backoff:

Benefits

• Credential issuance never blocks on blockchain writes
• Automatic retry with exponential backoff
• Failed transactions can be monitored and manually resolved
• System remains operational even during blockchain network issues

4. Citizen App - Backendless Discovery

Implementation

Citizens can now discover their credentials without calling the backend API through the following process:

1. Derive didKey from DID (keccak256 hash)
2. Read from Rootstock contract using getManifestCid
3. Fetch manifest from IPFS
4. Fetch individual credentials from IPFS

Environment Configuration

The citizen app requires the following environment variables:

EXPO_PUBLIC_WEB3_CHAIN_ID=31
EXPO_PUBLIC_WEB3_RPC_URL=https://public-node.testnet.rsk.co
EXPO_PUBLIC_WEB3_CONTRACT_ADDRESS=0x657b5B93e07Add7B0dA58043B68f5Ddc57af467F
EXPO_PUBLIC_IPFS_GATEWAY_BASE_URL=https://gateway.pinata.cloud

5. Testing and Verification

Smart Contract Tests

The contract includes comprehensive unit tests covering all functionality:

• Set and get manifest CID operations
• Event emission verification
• Empty CID rejection
• Owner-only access control
• Batch write operations

All tests pass successfully with 100% coverage of critical functionality.

Integration Testing

End-to-end testing was performed on January 18, 2026:

Step 1: Issue Credential

• Request ID: 45bbfcae-bc43-4c07-8de9-1beb394bae56
• DID: did:dht:9i67u463xbtp8rz58h5yrz5j684ghsxzw5st4ij7ugg8n7qrsaco
• Status: Approved and issued successfully

Step 2: Verify MySQL Write

• Credential CID: QmQQZdmJvennax4Lu6LmKr7Bbdns7FpRJDr3bgeDkKCHFG
• Manifest CID: QmfMQfrdXLw82GjxJaJZMdkZvttYrwXp6BXD79PJZ5VAB9
• Timestamp: 2026-01-18 00:00:38

Step 3: Verify Rootstock Write

• Transaction Hash: 0x86f469e8ed3e22b33558a36c5fe54cfa99b25c0488692ba079a89f4214d6f6d6
• Block Number: 7253369
• Gas Used: 86,999
• Status: Confirmed
• Verification: ManifestCID successfully retrieved from contract

Step 4: Verify IPFS Retrieval

• Manifest successfully retrieved from IPFS
• Contains issuer DID and all credential CIDs for the holder
• New credential CID present in manifest

Step 5: Verify Backendless Discovery

• Contract query successful without authentication
• Manifest retrieval from IPFS successful
• Complete backendless flow functional

6. Documentation

We have created comprehensive documentation for developers and institutions:

Technical Documentation

1. Contract README
   • Contract deployment guide
   • Contract interface documentation
   • Hardhat commands reference

GitHub Repository

All code is open source and available on GitHub:

Repository: Ikabott-MRM/identity

Key commits for Milestone 1:

• 352206f - Add Rootstock Web3Registry integration
• fbbbc4d - Fix Docker build
• 683e2d9 - Add deployment documentation

7. System Capabilities and Benefits

Before Rootstock Integration

• Citizens must call backend API to discover credentials
• Backend is single point of failure for credential access
• No blockchain transparency (data only in MySQL)
• Centralized storage and discovery

After Rootstock Integration

• Backendless Discovery: Citizens can discover credentials without backend API
• Decentralized: DID-to-CID mappings stored on Rootstock blockchain
• Transparent: Public verification via Blockscout explorer
• Resilient: System works even if backend is down (for discovery)
• Redundant: Dual-write ensures data availability (MySQL and blockchain)
• Non-blocking: Credential issuance never fails due to blockchain issues
• Automatic Retry: Failed writes are retried automatically

Real-World Impact

For our pilot project with rural producers in Argentina:

1. Producers can prove their identity and credentials without internet connectivity to our backend
2. Verifiers can check credentials by reading from Rootstock and IPFS (decentralized)
3. Transparency for cooperatives and regulatory bodies via Blockscout
4. Data sovereignty - credentials owned by producers, not centralized database

8. Gas Costs and Economics

Deployment Cost

• Contract deployment: 512,847 gas (approximately $0.50 USD on testnet)
• One-time cost: Already paid

Per-Write Cost

• setManifestCid(): Approximately 87,000 gas per write
• Real transaction example: 86,999 gas
• Mainnet estimate: Approximately $0.02 USD per credential (depending on RBTC price)

Read Cost

• getManifestCid(): Free (view function, no gas required)

Scalability

• Batch write function available for large migrations
• Can write up to 100 mappings in one batch (approximately 8.7M gas)
• Estimated capacity: Thousands of credentials per day within reasonable gas budget
• Testnet confirmed: Credentials written and confirmed in under 17 seconds

9. Configuration Reference

Backend Environment Variables

# Web3 Registry Configuration
WEB3_ENABLED=true
WEB3_CHAIN_ID=31
WEB3_RPC_URL=https://public-node.testnet.rsk.co
WEB3_CONTRACT_ADDRESS=0x657b5B93e07Add7B0dA58043B68f5Ddc57af467F
WEB3_PRIVATE_KEY=<REDACTED>
WEB3_CONFIRMATIONS=1
WEB3_TX_TIMEOUT_MS=60000

Citizen App Environment Variables

# Rootstock Configuration
EXPO_PUBLIC_WEB3_CHAIN_ID=31
EXPO_PUBLIC_WEB3_RPC_URL=https://public-node.testnet.rsk.co
EXPO_PUBLIC_WEB3_CONTRACT_ADDRESS=0x657b5B93e07Add7B0dA58043B68f5Ddc57af467F

# IPFS Configuration
EXPO_PUBLIC_IPFS_GATEWAY_BASE_URL=https://gateway.pinata.cloud

# API Configuration (for fallback)
EXPO_PUBLIC_API_BASE_URL=http://your-api-url
EXPO_PUBLIC_API_KEY=<REDACTED>

10. Next Steps - Milestone 2 Preview

With Milestone 1 complete, we are ready to proceed to Milestone 2: Security Audit.

Milestone 2 Goals

1. Security audit of the DidManifestRegistry contract
2. Remediation of any findings
3. Optimization based on audit recommendations
4. Final report published for community review

Why Security Audit Matters

• Protects users’ credential discovery mechanism
• Ensures contract cannot be exploited (access control, gas attacks, etc.)
• Builds trust for mainnet deployment
• Required for institutional adoption

Timeline

• Duration: 1 month
• Deliverable: Audit report and remediated contract
• Cost: $11,500 ($10,000 audit + $1,500 development)

11. Conclusion

Milestone 1: Complete

We have successfully achieved all deliverables for Milestone 1:

Key Achievements

1. Deployed and verified smart contract on Rootstock testnet
2. Integrated backend with dual-write mechanism (MySQL and Rootstock)
3. Implemented retry worker for reliable blockchain writes
4. Enabled backendless discovery in citizen app
5. Created comprehensive documentation (over 4,000 lines)
6. Tested end-to-end flow (issue, write, read, display)

Community Value

This integration demonstrates that Rootstock is not limited to DeFi applications, but can power decentralized identity infrastructure for governments, NGOs, and institutions. Our open-source implementation provides a reference architecture for the SSI community.

Open Source Commitment

All code is MIT licensed and available on GitHub. We invite developers, auditors, and the community to:

• Review our code
• Test on testnet
• Provide feedback
• Build on our infrastructure

Links and Resources

• Smart Contract: 0x657b5B93e07Add7B0dA58043B68f5Ddc57af467F
• Example Transaction: 0x86f469e8ed3e22b33558a36c5fe54cfa99b25c0488692ba079a89f4214d6f6d6
• Example Manifest on IPFS: QmfMQfrdXLw82GjxJaJZMdkZvttYrwXp6BXD79PJZ5VAB9
• GitHub Repository: Ikabott-MRM/identity
• Documentation: docs folder
• Issuer Portal: main.d1fkse5la21xp8.amplifyapp.com

Deployed Contract: 0x657b5B93e07Add7B0dA58043B68f5Ddc57af467F
Network: Rootstock Testnet (Chain 31)
Status: Testnet Ready
Date: January 17, 2026

Thanks for the detailed report, @mrmtech. All the materials including the smart contract and source code available on GitHub look solid.

We have a couple of questions and requests:

Apparently, the issuer app is only in Spanish. Do you have any plan to support English?

It’s great to have a demo Android application, but it would be great to provide a demo video to show how all the end-to-end flow works.

What kind of audit solutions are you planning to apply?

Would like to echo this request from Tane. Please also share a demo video that shows the entire flow you outlined in your Milestone 1 deliverables.