Proof of Purpose runs on a hybrid Web2/Web3 stack chosen for auditability, accessibility, and speed of iteration.
The stack
- Frontend — React 18, Vite, TypeScript, Tailwind, brutalist design system.
- Wallets — thirdweb in-app smart wallets (email / Google / Apple / passkey, sponsored gas) for users; EOA (MetaMask / Coinbase / WalletConnect) for admins.
- Smart contracts — Base mainnet (chainId 8453): soulbound $PURPOSE, Bounty Manager, Vendor Redemption, Treasury, Donation Split.
- Backend — Lovable Cloud: Postgres with row-level security, edge functions, file storage, and authentication.
- QR redemption — in-browser camera scanner; settlement signed server-side.
- Donations — thirdweb PayEmbed for USDC and card-to-crypto.
Wallet model
Champions, Catalysts, Vendors, and Donors get a thirdweb in-app smart wallet on first login. Gas is sponsored, so users never see a "buy ETH" prompt. Admin tools require a connected EOA — the admin allowlist is evaluated server-side on first wallet login.
Settlement
A server-side signer holds SETTLEMENT_ROLE on the VendorRedemption contract and BOUNTY_ADMIN_ROLE on the Bounty Manager. Vendors and Champions never broadcast their own transactions — every mint and burn is intermediated by the signer, which enforces verification before settlement.
Data & RLS
Postgres tables are protected by row-level security policies. Roles are stored in a separate user_roles table and checked through a security-definer has_role() function — never on the profile row itself, to prevent privilege escalation.
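
The role check described above, as an added example (not the project's own schema). The `app_role` enum values, the column names and the `profiles` table are assumptions, and `auth.users`, `auth.uid()` and the `authenticated` role assume a Supabase-style auth schema.

```sql
-- Added example; enum values, column names and `profiles` are assumptions.
-- Weak design (avoid): a role column on the profile row. RLS is row-level,
-- so a policy that lets users update their own profile also covers the role:
--   create policy "own profile" on public.profiles
--     for update using (id = auth.uid());   -- profiles.role is writable too

create type public.app_role as enum ('admin', 'vendor', 'champion');

-- Roles live in their own table, which end users get no write policy on.
create table public.user_roles (
  id      uuid primary key default gen_random_uuid(),
  user_id uuid not null references auth.users (id) on delete cascade,
  role    public.app_role not null,
  unique (user_id, role)
);
alter table public.user_roles enable row level security;

-- SECURITY DEFINER: runs with the owner's rights, so the lookup is not
-- itself filtered by RLS on user_roles (no recursive policy evaluation).
-- The pinned search_path stops a caller-controlled schema from shadowing
-- the table inside the definer context.
create or replace function public.has_role(_user_id uuid, _role public.app_role)
returns boolean
language sql
stable
security definer
set search_path = public
as $$
  select exists (
    select 1 from public.user_roles
    where user_id = _user_id and role = _role
  );
$$;

-- Users may read their own role rows; no insert/update/delete policy exists
-- for them, so RLS denies self-assignment by default.
create policy "read own roles" on public.user_roles
  for select to authenticated
  using (user_id = auth.uid());

-- Only existing admins may grant or revoke roles.
create policy "admins manage roles" on public.user_roles
  for all to authenticated
  using (public.has_role(auth.uid(), 'admin'))
  with check (public.has_role(auth.uid(), 'admin'));
```

Policies on other tables can call the same function, so the role check stays in one place instead of being re-implemented per table.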
