Architecture

Locale Lending implements a multi-layer system combining traditional web infrastructure with blockchain and off-chain computation.

System Overview

Locale Lending Architecture

LOCALE LENDING

Frontend

Next.js 15
React 19
wagmi/viem

Backend

API Routes
Prisma ORM
NextAuth

Blockchain

Arbitrum L2
Solidity 0.8.22
OpenZeppelin

Off-Chain Computation

Cartesi RollupsCircom ZK CircuitsPlaid Integration

Technology Stack

Frontend

Technology	Purpose
Next.js 15	React framework with App Router
React 19	UI component library
TypeScript	Type safety
Tailwind CSS	Styling
shadcn/ui	Component library
TanStack Query	Data fetching and caching
wagmi/viem	Web3 integration

Backend

Technology	Purpose
Next.js API Routes	REST endpoints
Prisma ORM	Database access
PostgreSQL	Primary database
NextAuth.js	Authentication
Alchemy Account Kit	Wallet abstraction

Blockchain

Technology	Purpose
Solidity 0.8.22	Smart contract language
Foundry	Development and testing
OpenZeppelin	Security standards
Arbitrum L2	Deployment network

Off-Chain Systems

Technology	Purpose
Cartesi Rollups	Verifiable computation
Circom	Zero-knowledge circuits
snarkjs	Proof generation
Plaid	Bank data integration

Smart Contract Architecture

Six core contracts deployed on Arbitrum:

Contract	Purpose
SimpleLoanPool	Lending operations and loan management
StakingPool	Investor capital management
PoolVault	Asset custody and accounting
BorrowerCredential	KYC verification NFTs
InvestorCredential	Accreditation NFTs
ProofVerifier	ZK proof validation

Cartesi DApp Handlers

The Cartesi rollup processes:

Borrower Registration — Identity verification
Loan Creation — Application processing
Transaction Sync — Plaid data ingestion
DSCR Calculation — Creditworthiness computation
Rate Adjustment — Dynamic interest rates

Data Flow

Bank Data Flow

Plaid API → HTTPS Gateway → JSON Processing →
Reclaim Protocol → ZK Proof → Arbitrum → SQLite Storage

Loan Application Flow

User Application → KYC Verification → Bank Connection →
DSCR Calculation → Rate Determination → Loan Approval → Fund Disbursement

API Architecture

The platform exposes 33+ REST endpoints organized by domain:

Domain	Endpoints	Auth Required
Pools	Pool listing, details, stats	No
Portfolio	Investor positions, history	Yes
Loans	Applications, repayments	Yes
Admin	Pool management, user admin	Yes (Admin)
Webhooks	Plaid events	Signature

Rate Limiting

Endpoint Type	Limit
Public APIs	100 requests/minute
Authenticated	200 requests/minute
Webhooks	1000 requests/minute
Admin	50 requests/minute

Security Layers

Application Security

Session-based authentication with JWT
CSRF protection
httpOnly cookies
Input validation with Zod schemas

Smart Contract Security

Role-based access control (RBAC)
UUPS upgradeable pattern
Emergency pause capability
Multi-sig admin controls

Data Security

AES-256 encryption at rest
TLS 1.3 in transit
Zero-knowledge proofs for sensitive data
No raw financial data stored on-chain

Next Steps

Smart Contracts — Contract details and interfaces
Verification System — How verification works
Security — Security measures and audits

System Overview​

Technology Stack​

Frontend​

Backend​

Blockchain​

Off-Chain Systems​

Smart Contract Architecture​

Cartesi DApp Handlers​

Data Flow​

Bank Data Flow​

Loan Application Flow​

API Architecture​

Rate Limiting​

Security Layers​

Application Security​

Smart Contract Security​

Data Security​

Next Steps​

System Overview

Technology Stack

Frontend

Backend

Blockchain

Off-Chain Systems

Smart Contract Architecture

Cartesi DApp Handlers

Data Flow

Bank Data Flow

Loan Application Flow

API Architecture

Rate Limiting

Security Layers

Application Security

Smart Contract Security

Data Security

Next Steps