Infrastructure SDK for Mantle

RWAs that are
DeFi-composable
without doxxing users.

Zk-RWA-Kit converts private eligibility proofs into temporary on-chain session credentials — so compliant assets can move freely among verified participants, without a permanent public allowlist.

Try the demos Learn how it works

The Problem

RWAs today force a bad trade-off:
privacy or composability — pick one.

👤

Users lose privacy

To access compliant RWA yield (like USDY), users must link their main wallet to a centralized KYC flow — permanently doxxing their on-chain history.

🔧

Developers hit dead ends

Permissioned tokens (ERC-3643-style) break standard DeFi. Transfers fail because AMMs, lending pools, and users aren't on the allowlist. Implementing this correctly is complex.

🧩

Ecosystems lack tooling

Mantle is pushing RWAs and privacy, but developers still lack a plug-and-play toolkit that turns private proofs into composable compliance.

The Solution

Just-in-time compliance.
Not permanent allowlists.

Zk-RWA-Kit is an infrastructure SDK that lets developers add privacy-preserving, just-in-time compliance to RWA workflows on Mantle. It doesn't bypass compliance — it creates a compliant perimeter where RWAs become DeFi-composable among eligible users and contracts.

Client-Side Prover

TypeScript + WASM

A browser library using TLSNotary MPC-TLS proofs to generate selective-disclosure eligibility proofs from an HTTPS session. Users prove a condition is true (e.g. "KYC verified", "not sanctioned") without revealing their full identity.

proveEligibility(providerUrl, claimSpec) → ProofPayload

Session Credentials

Solidity + Relayer

Proofs are verified off-chain by a relayer, which issues short-lived on-chain credentials. Instead of "wallet is forever KYC'd," users get:

Privacy: no permanent public flag
UX: no repeated KYC per interaction
Control: clear expiry and revocation

validUntil[user][claimType] = now + 24h

Compliant Perimeter

Token Wrappers + Middleware

Tokens and protocols check the session credential before transfers. This makes RWAs DeFi-compatible inside a verified set of participants — vaults, AMMs, lending pools can all work correctly for eligible users.

SessionPass.isValid(user, ELIGIBLE) → bool

How It Works

Private proof → Session credential → Composable compliance

Generate proof

User authenticates to a trusted eligibility source. The SDK splits session keys via MPC, then generates a cryptographic proof that the disclosed fields satisfy a compliance rule — without revealing the full identity.

Verify + issue credential

The relayer verifies the proof off-chain and writes an expiring SessionCredential on Mantle. This is the bridge from "private proof" to "on-chain compliance state."

Interact within the perimeter

Compliant tokens and DeFi integrations check the credential. Transfers, deposits, and withdrawals succeed — but only for verified participants. The asset stays composable inside the perimeter.

User story

Privacy-first RWA access

"I want to access a USDY-like yield token on Mantle without permanently doxxing my wallet. I generate a privacy-preserving eligibility proof and receive a 24-hour Compliance Pass. I can then interact with compliant DeFi integrations during that session."

Developer story

Plug-and-play compliance

"I want to build a compliant DeFi app on Mantle without building custom allowlists and edge-case transfer logic. I install Zk-RWA-Kit, use the compliance middleware, and my app automatically enforces eligibility via Session Credentials."

Live Demos

See the SDK in action

Two reference dApps showing the full flow: connect wallet → generate proof → receive credential → interact within the compliant perimeter.

zk-rwa-kit-token.vercel.app

Token Transfer

✓ Connected → ✓ Proved → Transfer

↔

Token Transfer Demo

Prove eligibility and move a permissioned RWA token. Without a valid session credential, the transfer is blocked.

Launch demo →

zk-rwa-kit-yield.vercel.app

Mantle Yield Vault

Deposit mUSDY into a compliant ERC-4626 vault. Only verified users can deposit and withdraw.