Smart Contracts
Locale Lending's smart contracts handle all fund flows, credential management, and proof verification on Arbitrum.
Contract Overview
Smart Contract Layer
SMART CONTRACTS
Core Contracts
- LoanManager
- PoolManager
- WithdrawalManager
Support Contracts
- ProofVerifier
- CredentialRegistry
- AccessControl
Cartesi Rollup Integration
Custom LogicDSCR CalculationPython Backend
Core Contracts
UniqueIdentity
The identity verification and compliance layer for both investors and borrowers.
Key Features:
- Integrates Plaid APIs for KYC/AML checks
- Issues soulbound NFTs upon verification
- Grants access to investor or borrower roles
- Non-transferable credentials
Senior Pool
Manages retail investor capital deposits.
Key Features:
- Accepts USDC deposits from retail investors
- Issues yield-bearing tokens to investors
- Implements leverage strategy allocating capital to Loan Pools
- Fixed leverage model for capital allocation
Loan Pool Contracts
Created by institutional investors to fund borrowers.
Key Features:
- Manages loan disbursement and repayment
- Powered by Cartesi for off-chain DSCR calculations
- Automatically adjusts interest rates if DSR falls below 1.25x threshold
- Distributes borrower repayments to stakers in real-time
Security Patterns
UUPS Upgradeable
All contracts use the Universal Upgradeable Proxy Standard:
| Feature | Description |
|---|---|
| Upgrade Authorization | Only DEFAULT_ADMIN_ROLE can authorize upgrades |
| Proxy Pattern | Gas-efficient minimal proxy |
| Timelock | Delay on upgrades for security |
Benefits:
- Bug fixes without migration
- Gas-efficient proxy pattern
- Timelock-protected upgrades
Role-Based Access Control
| Role | Permissions |
|---|---|
| DEFAULT_ADMIN_ROLE | Full administrative access |
| POOL_ADMIN_ROLE | Pool configuration and management |
| MINTER_ROLE | Credential minting |
| REVOKER_ROLE | Credential revocation |
| PAUSER_ROLE | Emergency pause capability |
Reentrancy Protection
All fund-handling functions use OpenZeppelin's ReentrancyGuard:
| Protected Functions | Description |
|---|---|
| stake | Deposit funds into pools |
| withdraw | Withdraw funds from pools |
| disburse | Loan disbursement |
| repay | Loan repayment |
Emergency Pause
Critical contracts can be paused by authorized guardians:
| Action | Required Role |
|---|---|
| Pause | PAUSER_ROLE |
| Unpause | DEFAULT_ADMIN_ROLE |
Cartesi Integration
The Cartesi rollup executes custom logic in a Linux VM:
Off-Chain Processing
- DSCR Calculations — Complex financial computations
- Transaction Analysis — Plaid data processing
- Risk Scoring — Borrower assessment
- Rate Adjustments — Dynamic interest rate updates
Data Flow
Plaid Data → Encrypted Payload → Cartesi VM →
DSCR Result → ZK Proof → On-Chain Verification
Data Security
Encryption
- Plaid tokens encrypted with AES-256
- Sensitive data never stored on-chain
- Zero-knowledge proofs for verification
Privacy
- Raw financial data stays off-chain
- Only proofs and commitments on-chain
- Reclaim Protocol for zkTLS verification
Contract Addresses
Testnet Only
Contracts are currently deployed on KC Testnet (Chain ID: 4181). Mainnet addresses will be published after audit completion.
Audit Status
| Contract | Auditor | Status |
|---|---|---|
| StakingPool | TBD | Pending |
| SimpleLoanPool | TBD | Pending |
| BorrowerCredential | TBD | Pending |
| InvestorCredential | TBD | Pending |
| ProofVerifier | TBD | Pending |
Next Steps
- Credentials — Soulbound token details
- Verification — ZK proof system
- Security — Security measures