Breaking the chain of paper tickets, one block at a time.
CryptoPass is a decentralized ticketing application built on the Ethereum Sepolia Testnet. It tackles common ticketing problems — fraud, double-spending, and unclear ownership — by representing every ticket as an ERC-20 token on the blockchain, making them secure, transparent, and impossible to counterfeit.
Tickets are purchased with Sepolia ETH (SETH) and managed entirely through a custom Solidity smart contract. A React frontend provides an accessible interface for attendees, venue staff, and event organizers alike.
Course: CS4455 — Ethical Hacking and Security 1: Blockchain Technologies and Applications
| Feature | Description |
|---|---|
| Wallet Creation | Generate a new Ethereum wallet with encrypted keystore file download |
| Ticket Purchase | Buy up to 2 tickets per transaction using SETH, with MetaMask or keystore file |
| Ticket Refund | Return unused tickets and receive an automatic ETH refund from the vendor's balance |
| Ticket Burning | Doormen can permanently invalidate used tickets by burning them to the zero address |
| Balance Dashboard | Check ETH balance and CryptoPass token count with role-specific views (User / Doorman / Vendor) |
| Vendor Earnings | Vendors can withdraw accumulated ticket sale revenue directly from the contract |
The contract is a custom ERC-20 implementation written in Solidity, deployed on the Sepolia testnet. It goes beyond standard token functionality to support a full ticketing lifecycle:
- ERC-20 Compliance — Implements
transfer,transferFrom,approve,allowance, mint, and burn - SETH-Based Purchases — Users send ETH directly to the contract via
buyTicket()to receive tokens;refundTicket()reverses the process - Role-Based Access Control — Three roles enforced via modifiers:
onlyOwner— Contract deployer; can set prices, assign roles, withdraw residual fundsonlyVendor— Distributes tickets, withdraws ticket sale earningsonlyDoorman— Burns tickets at the venue entrance
- Reentrancy Protection — A
noReentrancymodifier guards all ETH transfer functions - Configurable Deployment — Ticket price, vendor address, and token supply are passed as constructor arguments (no hardcoded values)
The React app provides four main pages:
Home Page
├── Create Wallet ─── Generate wallet + download encrypted keystore (.json)
├── Buy Tickets ───── Purchase tickets via MetaMask or keystore file
├── Check Balance ─── Role-based dashboard (User / Doorman / Vendor tabs)
└── Return Tickets ── Refund tickets for ETH
Wallet connectivity supports two methods:
- MetaMask — Direct browser wallet connection
- Keystore File — Upload an encrypted
.jsonkeystore and enter the password
| Component | Technology |
|---|---|
| Frontend | React |
| Smart Contract | Solidity (ERC-20) |
| Blockchain Interaction | Web3.js |
| Network | Ethereum Sepolia Testnet |
| Testing | Remix IDE + Solidity unit tests (remix_tests) |
| Contract Deployment | Remix IDE |
CryptoPass/
├── contracts/
│ ├── TicketToken.sol # Main smart contract (ERC-20 + ticketing logic)
│ ├── ERC20Interface.sol # ERC-20 interface definition
│ └── artifacts/ # Compiled ABI and bytecode
├── tests/
│ └── TicketToken_test.sol # Solidity-based test suite
├── cryptopass-dapp/
│ ├── src/
│ │ ├── abi/ # Contract ABI for Web3.js
│ │ ├── components/
│ │ │ ├── BuyTicket.js # Ticket purchasing flow
│ │ │ ├── CreateWallet.js # Wallet generation + keystore export
│ │ │ ├── DecryptWallet.js # Keystore file decryption
│ │ │ ├── ReturnTicket.js # Ticket refund flow
│ │ │ ├── Shows.js # "What's On" event listing
│ │ │ ├── TicketToken.js # Web3 contract interaction logic
│ │ │ ├── NavBar.js # Navigation bar
│ │ │ └── Footer.js # Page footer
│ │ ├── pages/
│ │ │ ├── HomePage.js # Landing page with navigation grid
│ │ │ ├── WalletPage.js # Wallet creation page
│ │ │ └── BalanceChecker.js # Balance dashboard (User/Doorman/Vendor)
│ │ └── styles/ # CSS for each component
│ ├── public/
│ ├── .env # Contract + doorman address config
│ └── package.json
└── README.md
- Node.js and npm
- MetaMask browser extension (optional, for wallet connection)
- Sepolia testnet ETH — available from Sepolia faucets
git clone https://github.com/Elle0-0/CryptoPass.git
cd CryptoPass/cryptopass-dappnpm installCreate a .env file in the cryptopass-dapp/ directory:
REACT_APP_CONTRACT_ADDRESS=YOUR_CONTRACT_ADDRESS
REACT_APP_DOORMAN_ADDRESS=YOUR_DOORMAN_ADDRESSnpm startVisit http://localhost:3000 to use the app.
The test suite is written in Solidity using the remix_tests framework and runs inside Remix IDE. It covers:
- Initialization — Token supply correctly assigned to vendor on deployment
- ERC-20 compliance —
transfer,approve,allowance,transferFrombehave correctly - Ticket operations — Buying and refunding tickets updates balances accurately
- Access control — Only authorized roles can call admin functions (price changes, vendor assignment)
- Failure cases — Insufficient balance transfers, unauthorized admin calls, and invalid refunds revert as expected
The contract is live on the Sepolia testnet with verified transactions:
| Action | Etherscan Link |
|---|---|
| Contract Deployment | View Transaction |
| All Contract Transactions | View Contract |
| Buy Ticket | View Transaction |
| Refund Ticket | View Transaction |
| Burn Ticket | View Transaction |
- Reentrancy Guard — All ETH-transferring functions use a
noReentrancymutex to prevent reentrancy attacks - Role-Based Access —
onlyOwner,onlyVendor, andonlyDoormanmodifiers restrict sensitive operations - Zero-Address Validation — Role assignments are validated against
address(0)to prevent misconfiguration - Separated Funds — Vendor earnings are tracked independently from contract balance, enabling clean accounting and safe withdrawals
- Purchase Limits — Maximum 2 tickets per transaction to prevent bulk buying
This project was developed as part of a Project for CS4455 at The University of Limerick.