Document Store Smart Contracts for the OpenAttestation framework
The Document Store is a set of smart contracts for managing the issuance and revocation of documents. It is designed to be used in conjunction with the OpenAttestation library to issue and verify documents on the blockchains.
There are 2 types of document stores, namely, the regular Document Store and the Transferable Document Store.
The regular Document Store allows issuers to issue and revoke documents. However, these documents do not have an owner and are, hence, not transferable. Multiple documents issued on the Document Store can be "batched" under a single hash for issuance.
The Transferable Document Store allows issuers to issue and revoke documents, and these documents have an owner and are transferable. Each document is essentially an ERC-721 NFT (Non-Fungible Token). Thus, documents are issued individually and the document holder's identity can be verified. Although the documents are transferable, they can also be issued as "soulbound" documents which bounds to an owner. This can be particularly useful for certain use cases such as POAP.
To make integration easier, we have provided the packages containing the Typechain bindings for interacting with the document store.
npm install @govtechsg/document-store-ethers-v6npm install @govtechsg/document-store-ethers-v5For a complete list of functions, refer to IDocumentStoreBatchable.sol.
import { DocumentStore__factory } from "@govtechsg/document-store-ethers-v6"; // Or from "@govtechsg/document-store-ethers-v5"
const documentStore = DocumentStore__factory.connect(documentStoreAddress, signer);
const tx = await documentStore["issue"]("0x1234");
await tx.wait();const oaDocumentSignature = {
documentRoot: "0xMerkleRoot",
targetHash: "0xTargetHash",
proof: ["0xProof1", "0xProof2"]
};
const documentStore = DocumentStore__factory.connect(documentStoreAddress, signer);
const tx = await documentStore["issue"](oaDocumentSignature.documentRoot);
await tx.wait();
try {
const isDocIssued = await documentStore.isIssued(
oaDocumentSignature.documentRoot,
oaDocumentSignature.targetHash,
oaDocumentSignature.proof
);
console.log(isDocIssued); // Returns true or false
} catch (e) {
// Error will be thrown if proof is invalid
console.error(e);
}Note that this is different from batching. This issues multiple documents or document roots at once.
const documentStore = DocumentStore__factory.connect(documentStoreAddress, signer);
const bulkIssuances = [
documentStore.interface.encodeFunctionData("issue", ["0xDocRoot1"]),
documentStore.interface.encodeFunctionData("issue", ["0xDocRoot2"])
];
const tx = await documentStore.multicall(bulkIssuances);
await tx.wait();const documentStore = DocumentStore__factory.connect(documentStoreAddress, signer);
const tx = await documentStore["revoke"]("0x1234");
await tx.wait();const documentStore = DocumentStore__factory.connect(documentStoreAddress, signer);
const tx = await documentStore["revoke"]("0xDocumentRoot", "0xTargetHash", ["0xProof1", "0xProof2"]);
await tx.wait();For a complete list of functions, refer to ITransferableDocumentStore.sol.
import { TransferableDocumentStore__factory } from "@govtechsg/document-store-ethers-v6"; // Or from "@govtechsg/document-store-ethers-v5"
const transferableDocumentStore = TransferableDocumentStore__factory.connect(transferableDocumentStoreAddress, signer);
// Issues a transferable document
const tx = await transferableDocumentStore.issue("0xRecipientAddress", "0xDocTargetHash", false);
await tx.wait();
//Issues a soulbound document
const tx = await transferableDocumentStore.issue("0xRecipientAddress", "0xDocTargetHash", true);
await tx.wait();const transferableDocumentStore = TransferableDocumentStore__factory.connect(transferableDocumentStoreAddress, signer);
const tx = await transferableDocumentStore.revoke("0xDocTargetHash");
await tx.wait();Roles are useful for granting users to access certain functions only. Here are the designated roles meant for the different key operations.
| Role | Access |
|---|---|
DEFAULT_ADMIN_ROLE |
Able to perform all operations |
ISSUER_ROLE |
Able to issue documents |
REVOKER_ROLE |
Able to revoke documents |
A trusted user can be granted multiple roles by the admin user to perform different operations. The following functions can be called on the token contract by the admin user to grant and revoke roles to and from users.
const issuerRole = await documentStore.issuerRole();
await documentStore.grantRole(issuerRole, "0xIssuerStaff");Can only be called by default admin or role admin.
const revokerRole = await documentStore.revokerRole();
await documentStore.revokeRole(revokerRole, "0xRevokerStaff");Can only be called by default admin or role admin.
In all the deployment commands, you can replace network argument to any of the supported networks. Optionally, you can also supply --verify=1 if you wish to verify the contracts. During deployment, you will be prompted to supply your private key interactively.
Important
The DEPLOYER_ADDRESS in .env is required to be the address of the deployer. See Configuration section.
npm run -s deploy:ds --network="mainnet" --name="My Document Store" --admin="0x1234"The name is the name you want to have for the document store and the admin is the address who will be the default admin of the document store.
npm run -s deploy:ds:upgradeable --network="mainnet" --name="My Document Store" --admin="0x1234" --verify=1Note that in the example above, the --verify=1 is optionally passed to verify the contracts.
npm run -s deploy:tds --network="mainnet" --name="My Transferable Document Store" --symbol="XYZ" --admin="0x1234" --verify=1The name and symbol are the standard ERC-721 token name and symbol respectively. The admin is the address who will be the default admin of the document store.
npm run -s deploy:tds:upgradeable --network="mainnet" --name="My Transferable Document Store" --symbol="XYZ" --admin="0x1234" --verify=1To deploy using a hardware wallet, you can set the OA_LEDGER environment variable to the HD path of your wallet. For example, OA_LEDGER=m/44'/60'/0'/0/0.
You can pass --verify=1 to the deployment commands if you wish to verify the contracts. You will need to include your Etherscan API keys for the respective networks in your .env configuration. See Configuration section for more info.
Most EVM-based blockchains should support the document store contracts. For the more common blockchains listed below, we may deploy implementations to help reduce deployment gas fees.
- Ethereum
- Polygon
- Arbitrum One
- Optimism
Note
For a list of pre-configured network names for passing to --network during deployment, refer to the foundry.toml file.
If you wish to deploy to a network not configured yet, you can add it to the foundry.toml file and pass the name of the network you've added to --network during deployment.
Create a .env file based on .env.example and provide the information in it.
The DEPLOYER_ADDRESS is required to be the address of the deployer during deployment. The Etherscan API keys are only required if you plan to verify the contracts on their respective chains.
This repository uses Foundry for its development. To install Foundry, run the following commands:
curl -L https://foundry.paradigm.xyz | bashThe contracts have not gone through formal audits yet. Please use them at your own discretion.