Skip to main content

Overview

AttestProtocol enables verifiable trust across diverse industries and use cases. This guide demonstrates practical applications with implementation patterns, showing how attestations solve real business problems through programmable trust infrastructure.

Identity & Compliance

KYC/AML Verification

DeFi protocols face an impossible choice between regulatory compliance and user privacy. Every protocol must either build expensive identity verification systems or risk regulatory action, while users endure repetitive KYC processes that create friction and expose sensitive data across multiple platforms.
  • Protocols build expensive verification systems independently
  • Users repeat KYC processes for every platform
  • Smaller protocols get locked out of regulated products
  • Platforms become honeypots for sensitive personal data
  • Manual verification processes create friction and abandonment
With Attestations:
  • Specialized KYC providers verify users once
  • Protocols verify eligibility instantly without handling PII
  • Users access multiple protocols with single verification
  • Liability transfers to licensed verification specialists
  • Privacy preserved while maintaining compliance
// KYC Provider issuing attestation
const kycAttestation = await kycProviderSDK.attest({
  schemaUID: 'kyc-aml-basic-v1',
  subject: userAddress,
  value: 'verified:true,level:enhanced,riskScore:15,completedDate:1704067200',
  reference: `kyc-${userAddress}-${Date.now()}`
});

// DeFi Protocol verifying compliance
async function checkUserCompliance(userAddress: string): Promise<boolean> {
  const result = await protocolSDK.fetchAttestation({
    schemaUID: 'kyc-aml-basic-v1',
    subject: userAddress
  });

  if (result.error || !result.data || result.data.revoked) {
    return false;
  }

  const kycData = parseAttestationData(result.data.value);
  return kycData.verified && kycData.riskScore < 50;
}
Benefits:
  • DeFi protocols avoid handling PII directly
  • Users complete KYC once, access multiple protocols
  • Regulatory compliance through verified third parties
  • Real-time verification without manual review

Age & Geographic Restrictions

Platforms need to verify ages for legal compliance, but collecting birthdates creates massive regulatory obligations under GDPR, COPPA, and other privacy laws. Each jurisdiction has different age requirements while current verification methods either fail security or create user abandonment.
  • Self-reported ages are easily faked and legally insufficient
  • Government ID uploads create privacy concerns and cart abandonment
  • Every platform rebuilds age verification from scratch
  • Multiple jurisdiction requirements complicate compliance
  • Many platforms exclude entire geographic markets to avoid complexity
With Attestations:
  • Age verification services check IDs once and issue age threshold attestations
  • Platforms verify “over 18/21” status without seeing birthdates
  • Different age thresholds supported (13+, 18+, 21+) per requirement
  • Compliance obligations stay with licensed verification providers
  • Geographic restrictions enforced without storing location data
// Age verification schema
const ageSchema = {
  name: 'age-verification',
  definition: 'minimumAge:uint8,country:string,verifiedDate:uint64,method:string'
};

// Age verification service
const ageAttestation = await ageVerifierSDK.attest({
  schemaUID: 'age-verification-v1',
  subject: userAddress,
  value: 'minimumAge:21,country:US,verifiedDate:1704067200,method:id-document',
  reference: `age-check-${userAddress}`
});

// Platform access control
async function grantAccess(userAddress: string, requiredAge: number): Promise<boolean> {
  const ageResult = await platformSDK.fetchAttestation({
    schemaUID: 'age-verification-v1',
    subject: userAddress
  });

  if (ageResult.data && !ageResult.data.revoked) {
    const ageData = parseAttestationData(ageResult.data.value);
    return ageData.minimumAge >= requiredAge;
  }

  return false;
}

Proof of Humanity & Sybil Resistance

Decentralized governance fails when single actors create multiple identities to manipulate voting outcomes. Current systems either enable Sybil attacks through unlimited wallet creation or devolve into plutocracy through token-weighted voting.
  • Anyone can create unlimited wallet addresses to vote multiple times
  • Token-weighted voting gives whales disproportionate power
  • Bot farms generate thousands of fake governance participants
  • Identity verification requires exposing personal information
  • Centralized identity providers create single points of failure
With Attestations:
  • Humanity verification services use biometric and behavioral analysis
  • Each participant gets one unique human attestation across all systems
  • Zero-knowledge proofs preserve privacy while proving uniqueness
  • Multiple competing providers prevent centralization
  • Economic and technical barriers make fake identity creation unfeasible
// Humanity verification schema
const humanitySchema = {
  name: 'proof-of-humanity',
  definition: 'isHuman:bool,uniqueId:string,confidence:uint8,verificationDate:uint64'
};

// Sybil-resistant voting
async function castVote(voterAddress: string, proposalId: string, vote: string) {
  const humanityResult = await daoSDK.fetchAttestation({
    schemaUID: 'proof-of-humanity-v1',
    subject: voterAddress
  });

  if (!humanityResult.data || humanityResult.data.revoked) {
    throw new Error('Humanity verification required');
  }

  const humanData = parseAttestationData(humanityResult.data.value);
  if (!humanData.isHuman || humanData.confidence < 80) {
    throw new Error('Insufficient humanity confidence score');
  }

  // Cast vote with verified human status
  await recordVote(proposalId, voterAddress, vote, humanData.uniqueId);
}

DAOs & Governance

Contribution-Based Voting Weight

DAO governance becomes plutocracy when voting power comes solely from token holdings. Active contributors watch their proposals fail while inactive whales make technical decisions they don’t understand, driving talent away and degrading decision quality.
  • Early token buyers control all decisions regardless of contribution
  • Developers and community builders lack governance influence
  • Inactive whales vote on technical proposals they don’t understand
  • Manual contribution tracking doesn’t scale and creates centralization
  • Talented contributors leave for projects that value their work
With Attestations:
  • Verified code commits, events organized, and content created earn voting weight
  • Active contributors gain governance influence matching their value creation
  • Technical decisions get made by people who understand the codebase
  • Contribution history becomes portable across DAOs and platforms
  • Gaming requires actual work rather than just buying tokens
// Contribution tracking schema
const contributionSchema = {
  name: 'dao-contribution',
  definition: 'totalContributions:uint32,codeCommits:uint16,proposalsSubmitted:uint16,lastActive:uint64'
};

// Contribution tracking service
async function recordContribution(contributor: string, type: string, value: number) {
  const existing = await daoSDK.fetchAttestation({
    schemaUID: 'dao-contribution-v1',
    subject: contributor
  });

  let contributions = { totalContributions: 0, codeCommits: 0, proposalsSubmitted: 0 };
  
  if (existing.data && !existing.data.revoked) {
    contributions = parseAttestationData(existing.data.value);
  }

  // Update contribution metrics
  contributions.totalContributions += value;
  if (type === 'code') contributions.codeCommits += 1;
  if (type === 'proposal') contributions.proposalsSubmitted += 1;

  await daoSDK.attest({
    schemaUID: 'dao-contribution-v1',
    subject: contributor,
    value: `totalContributions:${contributions.totalContributions},codeCommits:${contributions.codeCommits},proposalsSubmitted:${contributions.proposalsSubmitted},lastActive:${Math.floor(Date.now() / 1000)}`,
    reference: `contribution-${contributor}-${Date.now()}`
  });
}

// Dynamic voting weight calculation
async function calculateVotingWeight(voterAddress: string): Promise<number> {
  const contributionResult = await daoSDK.fetchAttestation({
    schemaUID: 'dao-contribution-v1',
    subject: voterAddress
  });

  if (!contributionResult.data || contributionResult.data.revoked) {
    return 1; // Base voting weight
  }

  const contributions = parseAttestationData(contributionResult.data.value);
  
  // Weight formula: base + contributions + code multiplier + proposal bonus
  const weight = 1 + 
    Math.min(contributions.totalContributions / 100, 10) +
    Math.min(contributions.codeCommits * 2, 20) +
    Math.min(contributions.proposalsSubmitted * 5, 25);

  return Math.floor(weight);
}

Reputation Scoring

Assessing member trustworthiness requires aggregating performance signals across multiple dimensions, but reputation remains trapped within individual platforms, preventing comprehensive evaluation of expertise and reliability.
  • Reputation scores reset when switching platforms or communities
  • Valuable contribution history gets lost between systems
  • No way to verify claimed expertise or past performance
  • Manual reference checking doesn’t scale for DAOs
  • Bad actors exploit lack of portable reputation
With Attestations:
  • Multi-source reputation aggregates peer endorsements and project outcomes
  • Members carry verified reputation across all platforms
  • Technical skills, reliability, and leadership tracked separately
  • Automated reputation checks replace manual verification
  • Historical performance data enables informed trust decisions
// Reputation schema
const reputationSchema = {
  name: 'member-reputation',
  definition: 'overallScore:uint16,technicalSkill:uint8,reliability:uint8,leadership:uint8,peerEndorsements:uint16'
};

// Peer endorsement system
async function endorseMember(endorser: string, member: string, skillArea: string, rating: number) {
  // Verify endorser has authority to endorse
  const endorserRep = await daoSDK.fetchAttestation({
    schemaUID: 'member-reputation-v1',
    subject: endorser
  });

  if (!endorserRep.data || parseAttestationData(endorserRep.data.value).overallScore < 100) {
    throw new Error('Insufficient reputation to endorse');
  }

  // Update member reputation
  const memberRep = await daoSDK.fetchAttestation({
    schemaUID: 'member-reputation-v1',
    subject: member
  });

  let reputation = { overallScore: 50, technicalSkill: 50, reliability: 50, leadership: 50, peerEndorsements: 0 };
  
  if (memberRep.data && !memberRep.data.revoked) {
    reputation = parseAttestationData(memberRep.data.value);
  }

  // Apply endorsement
  reputation[skillArea] = Math.min(reputation[skillArea] + rating, 100);
  reputation.peerEndorsements += 1;
  reputation.overallScore = Math.floor(
    (reputation.technicalSkill + reputation.reliability + reputation.leadership) / 3
  );

  await daoSDK.attest({
    schemaUID: 'member-reputation-v1',
    subject: member,
    value: `overallScore:${reputation.overallScore},technicalSkill:${reputation.technicalSkill},reliability:${reputation.reliability},leadership:${reputation.leadership},peerEndorsements:${reputation.peerEndorsements}`,
    reference: `endorsement-${member}-${Date.now()}`
  });
}

Gaming & NFTs

Event Attendance Verification

Exclusive events create value through scarcity, but proving attendance after the fact remains impossible to verify or monetize. Legitimate attendees miss ongoing benefits while fraudulent claims dilute participation value.
  • No verifiable proof of attendance after events end
  • Anyone can falsely claim attendance at exclusive events
  • Attendance records trapped in proprietary ticketing systems
  • Event organizers can’t reward attendees retroactively
  • Manual attendance verification doesn’t scale for benefits
With Attestations:
  • Event check-in triggers cryptographic attendance attestations
  • Permanent, verifiable proof enables ongoing exclusive access
  • Cross-platform attendance records unlock benefits everywhere
  • Smart contracts automatically reward verified attendees
  • Network effects increase value as more platforms recognize attendance
// Event attendance schema
const attendanceSchema = {
  name: 'event-attendance',
  definition: 'eventId:string,eventName:string,attendanceType:string,timestamp:uint64,role:string'
};

// Event check-in system
async function checkInAttendee(attendeeAddress: string, eventId: string, role: string = 'attendee') {
  const attendance = await eventSDK.attest({
    schemaUID: 'event-attendance-v1',
    subject: attendeeAddress,
    value: `eventId:${eventId},eventName:DevCon2024,attendanceType:physical,timestamp:${Math.floor(Date.now() / 1000)},role:${role}`,
    reference: `checkin-${eventId}-${attendeeAddress}`
  });

  return attendance;
}

// NFT drop eligibility
async function checkDropEligibility(userAddress: string, requiredEvents: string[]): Promise<boolean> {
  const attendanceResult = await nftSDK.fetchAttestation({
    schemaUID: 'event-attendance-v1',
    subject: userAddress
  });

  if (!attendanceResult.data || attendanceResult.data.revoked) {
    return false;
  }

  const attendance = parseAttestationData(attendanceResult.data.value);
  return requiredEvents.includes(attendance.eventId);
}

Cross-Game Reputation

Gamers invest thousands of hours building skills and reputation that vanish when switching games. This fragmentation wastes expertise and prevents efficient skill-based matchmaking across gaming ecosystems.
  • Achievements and reputation trapped within individual games
  • Skilled players start from zero in every new game
  • Competitive teams can’t verify cross-game player capabilities
  • Gaming expertise provides no benefit in new communities
  • Platform lock-in from fear of losing accumulated status
With Attestations:
  • Universal gaming reputation follows players across all platforms
  • Verified skill levels enable appropriate matchmaking in new games
  • Competitive teams assess player capabilities before recruitment
  • Past achievements unlock exclusive content everywhere
  • Gaming identity becomes portable digital asset
// Gaming reputation schema
const gamingRepSchema = {
  name: 'gaming-reputation',
  definition: 'overallRating:uint16,skillLevel:uint8,gamesPlayed:uint16,achievements:uint16,fairPlay:uint8'
};

// Cross-platform reputation sync
async function syncGameReputation(playerAddress: string, gameData: any) {
  const existingRep = await gamingSDK.fetchAttestation({
    schemaUID: 'gaming-reputation-v1',
    subject: playerAddress
  });

  let reputation = { overallRating: 0, skillLevel: 1, gamesPlayed: 0, achievements: 0, fairPlay: 100 };
  
  if (existingRep.data && !existingRep.data.revoked) {
    reputation = parseAttestationData(existingRep.data.value);
  }

  // Update with new game data
  reputation.gamesPlayed += gameData.sessionsPlayed;
  reputation.achievements += gameData.newAchievements;
  reputation.skillLevel = Math.min(reputation.skillLevel + gameData.skillIncrease, 100);
  reputation.overallRating = Math.floor(
    (reputation.skillLevel * 0.4) + 
    (Math.min(reputation.gamesPlayed / 10, 30) * 0.3) +
    (Math.min(reputation.achievements, 30) * 0.3)
  );

  await gamingSDK.attest({
    schemaUID: 'gaming-reputation-v1',
    subject: playerAddress,
    value: `overallRating:${reputation.overallRating},skillLevel:${reputation.skillLevel},gamesPlayed:${reputation.gamesPlayed},achievements:${reputation.achievements},fairPlay:${reputation.fairPlay}`,
    reference: `game-sync-${playerAddress}-${Date.now()}`
  });
}

// Game access control
async function grantPremiumAccess(playerAddress: string): Promise<boolean> {
  const repResult = await gameSDK.fetchAttestation({
    schemaUID: 'gaming-reputation-v1',
    subject: playerAddress
  });

  if (repResult.data && !repResult.data.revoked) {
    const rep = parseAttestationData(repResult.data.value);
    return rep.overallRating >= 75 && rep.fairPlay >= 80;
  }

  return false;
}

DeFi & Finance

Accredited Investor Verification

Securities laws require accreditation verification for many DeFi products, but implementing compliant systems creates massive overhead. Each protocol faces the choice between excluding retail investors or risking regulatory penalties.
  • Every protocol builds separate accreditation verification systems
  • Storing financial documents creates legal and security liability
  • Investors repeat accreditation for each DeFi platform
  • Smaller protocols can’t afford compliance infrastructure
  • Geographic variations complicate multi-jurisdiction offerings
With Attestations:
  • Licensed institutions issue portable accreditation attestations
  • Protocols verify status instantly without handling financial data
  • One accreditation process works across all DeFi platforms
  • Liability stays with specialized, insured verification providers
  • Smaller protocols access compliant investor verification
// Accredited investor schema
const accreditedSchema = {
  name: 'accredited-investor',
  definition: 'isAccredited:bool,accreditationType:string,verificationDate:uint64,jurisdiction:string,expiryDate:uint64'
};

// Investment platform access control
async function checkInvestmentEligibility(
  investorAddress: string, 
  investmentAmount: number
): Promise<{ eligible: boolean; reason?: string }> {
  
  if (investmentAmount <= 1000) {
    return { eligible: true }; // Small investments don't require accreditation
  }

  const accreditationResult = await defiSDK.fetchAttestation({
    schemaUID: 'accredited-investor-v1',
    subject: investorAddress
  });

  if (!accreditationResult.data || accreditationResult.data.revoked) {
    return { 
      eligible: false, 
      reason: 'Accredited investor verification required for investments over $1,000' 
    };
  }

  const accreditation = parseAttestationData(accreditationResult.data.value);
  
  if (!accreditation.isAccredited) {
    return { eligible: false, reason: 'Accredited investor status required' };
  }

  const now = Math.floor(Date.now() / 1000);
  if (accreditation.expiryDate < now) {
    return { eligible: false, reason: 'Accreditation has expired' };
  }

  return { eligible: true };
}

Credit Scoring for Lending

DeFi lending requires 150%+ collateralization because protocols can’t assess creditworthiness. This capital inefficiency limits lending to crypto-wealthy users while excluding the broader market that actually needs credit access.
  • No credit history exists for DeFi users across protocols
  • Over-collateralization defeats the purpose of borrowing
  • Lending behavior fragmented across wallets and chains
  • Each protocol’s isolated credit model wastes behavioral data
  • Traditional credit bureaus won’t integrate with DeFi
With Attestations:
  • On-chain behavior aggregates into comprehensive credit scores
  • Interest rates reflect actual creditworthiness, not blanket rates
  • Qualified borrowers access under-collateralized loans
  • Every repayment improves scores across all protocols
  • Privacy preserved while enabling risk-based lending
// Credit score schema
const creditSchema = {
  name: 'defi-credit-score',
  definition: 'creditScore:uint16,totalBorrowed:uint64,onTimePayments:uint16,defaults:uint8,lastUpdated:uint64'
};

// Credit scoring service
async function updateCreditScore(borrowerAddress: string, loanData: any) {
  const existingCredit = await lendingSDK.fetchAttestation({
    schemaUID: 'defi-credit-score-v1',
    subject: borrowerAddress
  });

  let credit = { creditScore: 600, totalBorrowed: 0, onTimePayments: 0, defaults: 0 };
  
  if (existingCredit.data && !existingCredit.data.revoked) {
    credit = parseAttestationData(existingCredit.data.value);
  }

  // Update credit metrics
  credit.totalBorrowed += loanData.amount;
  
  if (loanData.paidOnTime) {
    credit.onTimePayments += 1;
    credit.creditScore = Math.min(credit.creditScore + 5, 850);
  } else {
    credit.defaults += 1;
    credit.creditScore = Math.max(credit.creditScore - 50, 300);
  }

  await lendingSDK.attest({
    schemaUID: 'defi-credit-score-v1',
    subject: borrowerAddress,
    value: `creditScore:${credit.creditScore},totalBorrowed:${credit.totalBorrowed},onTimePayments:${credit.onTimePayments},defaults:${credit.defaults},lastUpdated:${Math.floor(Date.now() / 1000)}`,
    reference: `credit-update-${borrowerAddress}-${Date.now()}`
  });
}

// Lending eligibility and rates
async function calculateLoanTerms(borrowerAddress: string, requestedAmount: number) {
  const creditResult = await lendingSDK.fetchAttestation({
    schemaUID: 'defi-credit-score-v1',
    subject: borrowerAddress
  });

  let baseRate = 12; // 12% base interest rate
  let maxLoan = 1000; // $1000 default max

  if (creditResult.data && !creditResult.data.revoked) {
    const credit = parseAttestationData(creditResult.data.value);
    
    // Adjust terms based on credit score
    if (credit.creditScore >= 750) {
      baseRate = 8;
      maxLoan = 50000;
    } else if (credit.creditScore >= 650) {
      baseRate = 10;
      maxLoan = 10000;
    } else if (credit.creditScore >= 550) {
      baseRate = 15;
      maxLoan = 5000;
    }

    // Factor in payment history
    const paymentRatio = credit.onTimePayments / (credit.onTimePayments + credit.defaults);
    if (paymentRatio >= 0.95) {
      baseRate -= 1; // 1% discount for excellent payment history
    }
  }

  return {
    approved: requestedAmount <= maxLoan,
    maxAmount: maxLoan,
    interestRate: baseRate,
    requestedAmount
  };
}

Professional & Education

Skill Certification for Technical Roles

The blockchain industry faces a skills verification crisis where traditional credentials fail to reflect actual capabilities. Self-taught developers can’t prove competencies while projects desperately need qualified contributors but waste resources on ineffective hiring processes.
  • Traditional degrees don’t cover blockchain technologies
  • Each employer independently verifies skills through interviews
  • Self-taught developers lack credible certification paths
  • Geographic barriers prevent access to training institutions
  • Resume fraud wastes hiring resources and delays projects
With Attestations:
  • Training providers issue verifiable skill attestations
  • Actual capabilities verified rather than proxy credentials
  • Global developers prove skills regardless of background
  • Continuous skill updates reflect evolving technologies
  • Cryptographic verification eliminates credential fraud
// Developer certification schema
const devCertSchema = {
  name: 'blockchain-developer-cert',
  definition: 'languages:string,experienceYears:uint8,projectsCompleted:uint16,certificationLevel:string,skillsVerified:string'
};

// Training provider issuing certification
async function issueDeveloperCertification(
  developerAddress: string, 
  completedCourse: any
) {
  const certification = await trainingSDK.attest({
    schemaUID: 'blockchain-developer-cert-v1',
    subject: developerAddress,
    value: `languages:${completedCourse.languages.join('|')},experienceYears:${completedCourse.experience},projectsCompleted:${completedCourse.projects},certificationLevel:${completedCourse.level},skillsVerified:${completedCourse.skills.join('|')}`,
    reference: `cert-${completedCourse.courseId}-${developerAddress}`
  });

  return certification;
}

// DAO technical role qualification
async function qualifyForTechnicalRole(
  applicantAddress: string, 
  requiredSkills: string[]
): Promise<{ qualified: boolean; details: any }> {
  
  const certResult = await daoSDK.fetchAttestation({
    schemaUID: 'blockchain-developer-cert-v1',
    subject: applicantAddress
  });

  if (!certResult.data || certResult.data.revoked) {
    return { 
      qualified: false, 
      details: { reason: 'No developer certification found' }
    };
  }

  const cert = parseAttestationData(certResult.data.value);
  const applicantSkills = cert.skillsVerified.split('|');
  const languages = cert.languages.split('|');

  // Check skill requirements
  const hasRequiredSkills = requiredSkills.every(skill => 
    applicantSkills.includes(skill) || languages.includes(skill)
  );

  const meetsExperience = cert.experienceYears >= 2;
  const hasProjects = cert.projectsCompleted >= 5;

  return {
    qualified: hasRequiredSkills && meetsExperience && hasProjects,
    details: {
      skills: applicantSkills,
      languages,
      experience: cert.experienceYears,
      projects: cert.projectsCompleted,
      level: cert.certificationLevel
    }
  };
}

Implementation Patterns

Multi-Schema Verification

Combine multiple attestations for comprehensive verification: 
async function verifyComprehensiveEligibility(userAddress: string) {
  // Fetch multiple relevant attestations
  const [kycResult, reputationResult, skillsResult] = await Promise.all([
    sdk.fetchAttestation({ schemaUID: 'kyc-basic-v1', subject: userAddress }),
    sdk.fetchAttestation({ schemaUID: 'member-reputation-v1', subject: userAddress }),
    sdk.fetchAttestation({ schemaUID: 'blockchain-developer-cert-v1', subject: userAddress })
  ]);

  // Aggregate verification results
  const verification = {
    identity: kycResult.data && !kycResult.data.revoked,
    reputation: reputationResult.data && !reputationResult.data.revoked,
    skills: skillsResult.data && !skillsResult.data.revoked,
    overall: false
  };

  // Calculate overall eligibility
  verification.overall = verification.identity && verification.reputation && verification.skills;

  return verification;
}

Time-Based Attestation Logic

Handle time-sensitive attestations with expiration logic: 
function isAttestationValid(attestation: any, maxAge: number = 86400): boolean {
  if (!attestation || attestation.revoked) {
    return false;
  }

  const data = parseAttestationData(attestation.value);
  const now = Math.floor(Date.now() / 1000);
  
  // Check if attestation has explicit expiry
  if (data.expiryDate && data.expiryDate < now) {
    return false;
  }

  // Check if attestation is too old
  if (data.timestamp && (now - data.timestamp) > maxAge) {
    return false;
  }

  return true;
}
These use cases demonstrate how AttestProtocol transforms abstract trust requirements into concrete, programmable verification systems that enhance security, user experience, and business logic across diverse Web3 applications.