A decentralized community treasury built on Cardano, powered by a Plutus V2 smart contract, with wallet binding, role-based controls, audit transparency, and a single-UTxO pool model.
- Overview
- Problem It Solves
- Core Features
- System Architecture
- On-Chain Design
- Off-Chain & Backend Design
- Database Structure
- User Roles
- Application Flow
- Wallet Binding Logic
- Single UTxO Model Explained
- Installation & Setup
- How To Use The App
- Security Considerations
- Future Improvements
CommVault is a decentralized savings pool that allows:
- Community members to deposit ADA into a shared treasury
- A designated Treasurer to execute withdrawals
- Transparent transaction history & audit tracking
- Secure wallet binding per registered user
- Role-based access for treasury operations
Built using:
- Plutus V2 (Smart Contract)
- Lucid (Off-chain Tx Builder)
- PHP + MySQL (Backend APIs)
- Vanilla JS + HTML/CSS (Frontend)
- Cardano Lace Wallet (CIP-30)
Traditional community funds suffer from:
- Lack of transparency
- Manual bookkeeping
- Risk of fund mismanagement
- No cryptographic enforcement of roles
CommVault solves this by:
- Locking funds in a smart contract
- Enforcing treasurer-only withdrawals on-chain
- Logging all transactions in backend DB
- Binding wallets to user accounts
- Providing audit lookup by wallet
- ✅ Wallet binding (1 wallet per registered user)
- ✅ Single-UTxO treasury model
- ✅ Deposit & Withdraw via Plutus contract
- ✅ Treasurer dashboard
- ✅ Withdrawal request approval system
- ✅ Audit log by wallet address
- ✅ Modal-based wallet notifications
- ✅ Rate-limited login & registration
- ✅ Backend transaction tracking
```mermaid
flowchart LR
    User --> Frontend
    Frontend -->|CIP-30| Wallet
    Frontend --> Backend
    Frontend -->|Lucid Tx| Cardano
    Backend --> Database
    Cardano -->|UTxO State| Script
```

```mermaid
flowchart TD
    subgraph Frontend
        A1[Login/Register]
        A2[Wallet Connect]
        A3[Deposit]
        A4[Withdraw]
        A5[Audit Logs]
    end
    subgraph Backend
        B1[Auth API]
        B2[Bind Wallet API]
        B3[Transactions API]
        B4[Withdraw Requests API]
        DB[(MySQL Database)]
    end
    subgraph Blockchain
        C1[Plutus V2 Script]
        C2[Single Pool UTxO]
    end
    A1 --> B1
    A2 --> B2
    A3 --> C1
    A4 --> C1
    A3 --> B3
    A4 --> B3
    A5 --> B3
    B1 --> DB
    B2 --> DB
    B3 --> DB
    B4 --> DB
    C1 --> C2
```
- Deposit
  - Must preserve treasurer datum
  - Must not decrease script value
  - Must keep exactly ONE continuing output
- Withdraw
  - Must be signed by treasurer
  - Must preserve datum
  - May close pool OR recreate single UTxO
Instead of creating multiple UTxOs:
❌ Old behavior:
Deposit 1 → UTxO #1
Deposit 2 → UTxO #2
Deposit 3 → UTxO #3
✅ New behavior:
UTxO #0 (100 ADA)
Deposit 20 → consume #0 → recreate #0 (120 ADA)
Deposit 10 → consume #0 → recreate #0 (130 ADA)
All operations always use index 0.
Benefits:
- Easier accounting
- Predictable treasury state
- Simpler withdrawals
- Cleaner audit logic
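The Deposit and Withdraw rules and the consume-and-recreate pattern above can be modelled off-chain as a pre-flight check. This is an added example, not the project's Plutus validator or Lucid code; the transaction shape, field names and key-hash strings are assumptions made for illustration.

```javascript
// Added model of the validator rules; not the project's Plutus code.
// scriptOutputs = outputs paid back to the script address (continuing outputs).
// Field names and key-hash strings are constructed for illustration.
const sameDatum = (a, b) => a.treasurer === b.treasurer;

function validate(tx) {
  const outs = tx.scriptOutputs;
  if (tx.redeemer === "Deposit") {
    if (outs.length !== 1) return "reject: exactly one continuing output required";
    if (!sameDatum(tx.input.datum, outs[0].datum)) return "reject: datum changed";
    if (outs[0].lovelace < tx.input.lovelace) return "reject: script value decreased";
    return "ok";
  }
  if (tx.redeemer === "Withdraw") {
    if (!tx.signers.includes(tx.input.datum.treasurer)) return "reject: treasurer signature missing";
    if (outs.length === 0) return "ok"; // pool closed
    if (outs.length !== 1) return "reject: more than one continuing output";
    if (!sameDatum(tx.input.datum, outs[0].datum)) return "reject: datum changed";
    return "ok";
  }
  return "reject: unknown redeemer";
}

// Off-chain side: consume the pool UTxO and recreate it with the deposit merged in.
function buildDeposit(pool, amountLovelace, signer) {
  return {
    redeemer: "Deposit",
    input: pool,
    scriptOutputs: [{ lovelace: pool.lovelace + amountLovelace, datum: pool.datum }],
    signers: [signer],
  };
}

// Constructed sample: 100 ADA pool, 20 ADA deposit by a member.
const pool = { lovelace: 100_000_000n, datum: { treasurer: "treasurer_pkh" } };
const deposit = buildDeposit(pool, 20_000_000n, "member_pkh");
console.log(validate(deposit), deposit.scriptOutputs[0].lovelace); // merged pool value

// A withdrawal built by a member, without the treasurer's signature.
const badWithdraw = { redeemer: "Withdraw", input: pool, scriptOutputs: [], signers: ["member_pkh"] };
console.log(validate(badWithdraw));
```

A check like this only catches malformed transactions before submission; enforcement remains with the on-chain script.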
- Connect wallet
- Enforce wallet binding
- Build transactions
- Select script UTxO index 0
- Merge deposits into single UTxO
- `/auth/login.php`
- `/auth/register.php`
- `/api/users/bind_wallet.php`
- `/api/transactions/log.php`
- `/api/withdraw_requests/*`
- `/api/stats.php`
- id
- password_hash
- wallet_address
- wallet_bound_at
- is_active
- created_at
- id
- user_id
- pool_id
- tx_type
- amount_lovelace
- onchain_tx_hash
- status
- created_at
- id
- user_id
- pool_id
- full_name
- amount_ada
- recipient_address
- status
- created_at
- Register
- Connect wallet
- Deposit ADA
- Submit withdrawal request
- View transaction history
- Connect registered treasurer wallet
- Execute withdrawals
- Approve withdrawal requests
- Audit members by wallet address
- User logs in
- Connects wallet
- If first time:
  - Wallet is bound in DB
- If wallet mismatch:
  - Access denied
- If wallet already used by another account:
  - Registration blocked
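The binding decision described above, written out as an added example (not the project's PHP backend). The in-memory maps stand in for the `wallet_address` column of the users table; the reverse index that plays the role of a uniqueness constraint, the outcome names and the sample addresses are assumptions.

```javascript
// Constructed stand-in for the users table: user id -> row.
const users = new Map([
  [1, { wallet_address: null, wallet_bound_at: null }],
  [2, { wallet_address: "addr_test1_constructed_bob", wallet_bound_at: "2024-01-01T00:00:00Z" }],
]);

// Reverse index wallet -> user id. It acts as the uniqueness constraint
// (assumption): one lookup decides whether a wallet is already taken.
const walletOwner = new Map([["addr_test1_constructed_bob", 2]]);

function checkWallet(userId, connectedAddress) {
  const user = users.get(userId);
  if (!user) return "unknown_user";

  if (user.wallet_address === null) {
    // First connection: bind, unless another account already holds this wallet.
    if (walletOwner.has(connectedAddress)) return "blocked_wallet_in_use";
    user.wallet_address = connectedAddress;
    user.wallet_bound_at = new Date().toISOString();
    walletOwner.set(connectedAddress, userId);
    return "bound";
  }

  // Already bound: only the bound wallet is accepted for this account.
  return user.wallet_address === connectedAddress ? "allowed" : "denied_mismatch";
}

// Constructed walk-through for user 1, who has no wallet bound yet.
console.log(checkWallet(1, "addr_test1_constructed_bob"));   // wallet held by user 2
console.log(checkWallet(1, "addr_test1_constructed_alice")); // first valid connection
console.log(checkWallet(1, "addr_test1_constructed_other")); // different wallet later
```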
```mermaid
sequenceDiagram
    participant U as User
    participant F as Frontend
    participant B as Backend
    participant C as Cardano
    U->>F: Login
    F->>B: Authenticate
    U->>F: Connect Wallet
    F->>B: Bind Wallet (if first time)
    U->>F: Deposit ADA
    F->>C: Submit Tx
    F->>B: Log Transaction
    U->>F: View Stats
    F->>B: Fetch Transactions
```
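```bash
# Windows only: install WSL with Ubuntu
wsl --install -d Ubuntu

# Get the source
git clone <repo-url>
cd community-pool

# Build the Haskell project
cabal update
cabal build

# Start the PHP built-in development server
php -S localhost:8000
```

Then open http://localhost:8000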
- Register account
- Login
- Connect wallet
- First connection auto-binds wallet
- Enter deposit amount
- Confirm in wallet
- View updated stats
- Login with treasurer account
- Connect registered treasurer wallet
- View withdrawal requests
- Execute withdrawal
- Confirm transaction in wallet
- Go to Audit Logs page
- Paste wallet address
- View:
  - User details
  - Total deposits
  - Withdrawal history
- Password hashing via `password_hash()`
- CSRF token validation
- Rate limiting login/register
- Wallet binding enforcement
- Single-UTxO model
- On-chain treasurer signature enforcement
- Prepared statements for SQL queries
- Multi-sig treasurer
- Governance voting
- NFT membership badges
- CIP-68 metadata support
- Treasury analytics dashboard
- Mobile wallet optimization
- Auto-indexer integration
- IPFS document storage
CommVault is a full-stack decentralized treasury platform that:
- Enforces trust via smart contracts
- Provides transparency via audit logs
- Prevents wallet spoofing
- Uses a clean single-UTxO treasury design
- Separates roles securely
It demonstrates a real-world blockchain treasury system suitable for:
- Community savings groups
- DAOs
- Clubs
- Cooperatives
- Microfinance pools