The contents of each KPASS is cryptographically committed to a single wallet address, making it unusable from any other address. KPASS implements most of the ERC-721 NFT interface excluding, notably, the transfer-related methods, since KPASSs are non-transferrable.
The contents of a KPASS are encrypted by the owners private keys in their browser and then stored on the IPFS compatible storage layer of the KimlikDAO protocol. The reason we do not use the IPFS network but a compatible subnetwork run by KimlikDAO protocol nodes is that some jurisdictions require personal information to be stored in certain geo locations, even if the data is encrypted and even if it's encrypted by the user themselves. IPFS protocol is not designed to respect such restrictions, whereas the KimlikDAO protocol nodes will always honor these restrictions.
Further, KimlikDAO nodes will stop persisting the contents of a KPASS if
the owner revokes the KPASS using the revoke() method of this contract,
giving the user the freedom to delete their persisted data at any time
(even though the user data is encrypted on the user side)
One can mint a KPASS by using the various flavors of the
create() method.
These methods differ in the payment type and whether a revoker list is
included. A discount is offered for including a revoker list, which
increases security as explained below.
A KPASS owner may call the revoke() method of KPASS at any time to revoke
it, thereby making it unusable. This is useful, for example, when a user
gets their wallet private keys stolen.
When minting a KPASS, you can nominate 3-5 addresses as revokers and assign each a weight. If enough of these addresses vote to revoke the KPASS, it will be revoked and become unusable.
This feature is useful in the event that your wallet private keys are stolen and, further, you no longer have access to them. In such circumstances, you can inform the nominated revokers and request them to cast a revoke vote.
To encourage setting up social revoke, a discount of 33% is offered
initially, and the discount rate is determined by the DAO vote thereafter.
The discount rate is set through the updatePricesBulk()
method, which can only be called by
VOTING, the KimlikDAO voting contract.
In the case a KPASS holder
- gets their private keys stolen, and
- lose access to the keys themselves, and
- did not set up social revoke when minting the KPASS,
there is one final way of disabling the stolen KPASS. The victim mints a new
KPASS and submits the exposureReport that comes with it to the
reportExposure()
method of this contract. Doing so will disable all
previous KPASSs across all chains belonging to this person. For convenience,
one may use the interface at https://kimlikdao.org/revoke to submit the
exposureReport to the KPASS contract.
One can add new revokers, increase the weight of existing revokers or reduce the revoke threshold after minting their KPASS by using the corresponding methods of this contract. Removing a revoker is not possible since it would allow an attacker having access to user private keys to remove all revokers.
The price of a KPASS is set by the updatePrice() or the updatedPricesBulk()
methods, which can only be called by VOTING, the KimlikDAO voting
contract.
Fees collected as an ERC-20 token are transferred directly to the
PROTOCOL_FUND, the KimlikDAO
treasury and fees collected in the native token are accumulated in this
contract first and then swept to
PROTOCOL_FUND periodically.
The sweep mechanism was put in place to minimize the gas cost of minting a
KPASS. The sweep is completely permissionless; anyone can call the
sweepNativeToken() to transfer the native token balance over to
PROTOCOL_FUND.
Further, weekly sweeps are done by KimlikDAO automation, covering the gas fee.