# KYC-Gated Smart Contract Access Control

## Challenge <a href="#id-4476" id="id-4476"></a>

Under the ethos of progressive decentralization, L1 blockchains conduct airdrops to distribute ownership of the network to their community. Ideally, community members who participate in the network — by deploying smart contracts, testing applications, helping with ecosystem growth, etc.— are rewarded proportionately to the value they create.

A well-executed airdrop is essential in bootstrapping decentralization and real usage of a blockchain protocol and is also a huge marketing opportunity. ZetaChain allocated a total of 31.5M ZETA (1.5% of 2.1B ZETA total supply) to this [genesis mainnet airdrop](https://www.zetachain.com/blog/the-zetalabs-airdrop-pre-claim), with rewards allocated to over 800,000 contributors to ZetaLabs’ testnet. ([See full token distribution here](https://www.zetachain.com/docs/about/token-utility/distribution/)).

To ensure regulatory compliance, ZetaChain required KYC and AML checks on contributors receiving an airdrop greater than 200 ZETA; additionally, they prevented airdrop claiming from OFAC sanctioned geographies.

## Enter TokenTable <a href="#b726" id="b726"></a>

ZetaChain used EthSign’s [TokenTable ](https://www.tokentable.xyz/)to conduct their KYC-gated airdrop on January 31st, 2024. The engagement entailed the development of a custom version of TokenTable that facilitated a compliant, streamlined airdrop for both ZETA recipients and the ZetaChain team.

The following TokenTable modules were used to facilitate the ZetaChain airdrop:

* **KYC-Gated Smart Contract Access:** Integration of the reputable KYC/AML provider [SumSub](https://sumsub.com/) to verify the government identification and liveness of \~15,000 airdrop recipients. For these recipients, passing the KYC check is a smart-contract-enforced requirement to claim the airdrop.
* **Custom Claiming Interface:** Development of a co-branded TokenTable interface that recipients are routed to from ZetaHub to claim their airdrop. Users connecting to this custom interface from OFAC-sanctioned geographies will be blocked.
* **Pre-paid Gas Fees:** Before the airdrop, ZetaChain contributors could not obtain mainnet ZETA, so the [TokenTable Unlocker](broken://spaces/JP1jAQLitA1tqbIHqb4o/pages/evdFwVNh1DhoZAueoO8L) smart contract was outfitted with pre-pay gas fee functionality for claimers.

## Smart Contract Access Control via Sign Protocol <a href="#id-3ff7" id="id-3ff7"></a>

<figure><img src="/files/rDp218LvZPpGgjfIL3Rv" alt=""><figcaption><p>A KYCHook that gates TokenTable claiming</p></figcaption></figure>

In order to restrict non-KYC’ed addresses from claiming ZETA via TokenTable, the off-chain KYC verification status of recipient addresses must be communicated to [TokenTable’s Unlocker](broken://spaces/JP1jAQLitA1tqbIHqb4o/pages/evdFwVNh1DhoZAueoO8L) smart contract.

[SIGN Attestation Protocol](https://medium.com/ethsign/attestations-sign-everything-onchain-01db9ebf39e7) was implemented in parallel with SumSub to a) bind the airdrop recipient's wallet address to an their KYC verification status, and b) to port recipient addresses’ KYC verification status on-chain so that TokenTable’s Unlocker smart contract can validate it.

The airdrop claiming flow is as follows:

1. Whitelisted wallets from non-sanctioned geographies are able to connect to [claims.zetachain.com](https://claims.zetachain.com/).
2. Claimers can view how much ZETA they have available to claim, and any lockup terms.
3. Conduct KYC verification via Sumsub by submitting their government ID.
4. To bind their address and KYC verification, claimers must use SIGN Protocol to sign an attestation message that is a hash of their address and KYC status.
5. The TokenTable Unlocker smart contract must validate the KYC attestation before enabling the associated wallet to claim its ZETA airdrop.

{% embed url="<https://youtu.be/BTm0Bp-dzQ0>" %}

You can check out the SIGN Protocol attestation smart contract that is [deployed on ZetaChain mainnet here](https://zetachain.blockscout.com/address/0x1BC26dd23b773806f080Acf65Cfb744166be9463)!


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sign.global/for-builders/getting-started/index/kyc-gated-smart-contract-access-control.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.