Child First Platform

Abstract

Child First Platform is a decentralised charitable fundraising protocol deployed on the Polygon mainnet. The system enables verified non-profit operators to raise MATIC donations from global donors, with all funds held in immutable smart contract escrow and released exclusively through a 2-of-2 multi-party approval mechanism ("dual approval"). Donors receive a permanent, non-transferable ERC-721 NFT receipt as on-chain proof of contribution. No platform fee is charged. No speculative token is issued. The system is architected to survive the failure of the platform operator — meaning charity infrastructure cannot be captured, censored, or misappropriated by any single party.

1. Problem Statement

1.1 Charitable Sector Trust Deficit

Global charitable giving exceeds $600 billion annually, yet donor confidence is persistently undermined by high overhead rates, opaque fund flows, and recurring fraud scandals. A 2023 Giving Insights survey found that 67% of donors abandon large charitable gifts due to inability to verify fund usage. Traditional charity auditing is annual, retrospective, and inaccessible to most donors.

1.2 Children & Humanitarian Campaigns Specifically

Child welfare campaigns face additional scrutiny due to the vulnerability of beneficiaries. High-profile fraud in this sector (fake orphanage networks, inflated meal counts, diverted food aid) has created justified donor scepticism. Field operators face the inverse problem: legitimate campaigns struggle to raise funds because they cannot credibly prove integrity to potential donors.

1.3 Existing Blockchain Solutions Are Insufficient

Existing blockchain charity platforms typically provide "transparency" only at the donation receipt layer, while fund disbursement remains centralised and opaque. A platform that publishes donation hashes but disburses via a multisig controlled entirely by the platform provides no meaningful accountability improvement over traditional charities.

The Core Problem: Donors need cryptographic, real-time, verifiable proof that their specific donation was used for its stated purpose — not 12 months later in an auditor's report.

2. Solution Architecture

2.1 System Overview

Child First Platform is composed of three layers:

On-Chain Layer: Immutable Solidity contracts on Polygon mainnet. Holds funds, enforces dual-approval rules, mints NFT receipts. Cannot be modified or censored.

Off-Chain Index Layer: PostgreSQL + Prisma database mirrors campaign metadata, donation records, and milestone evidence for fast reads and search. No funds are ever held here.

Application Layer: Next.js 14 frontend deployed on Netlify. Reads from both on-chain state and the index layer. Communicates with wallets via wagmi v2 + RainbowKit.

2.2 Trust Model

The system is designed so that a donor does not need to trust Child First Platform, the campaign operator, or the Independent Director individually. The smart contract enforces that both parties must agree — and neither can act alone. The platform can be taken offline without affecting a single pending donation.

3. Smart Contract Specification

3.1 CampaignFactory

Deployed at: 0x7868D0D5aD5DB9a462093D06cAE2e8c7D3Cbf386

createCampaign(campaignId, metadataURI, goalAmount, deadline, operator, director)

Owner-only. Deploys a new Campaign contract, records it in the registry. Emits CampaignCreated.

getCampaignCount()

Returns total number of campaigns ever created.

getCampaignSummaries()

Returns parallel arrays of addresses, IDs, goals, raised totals, deadlines, and closed states.

campaignById(campaignId)

Returns the contract address for a given string campaign ID.

isCampaign(addr)

Returns true if addr was deployed by this factory.

3.2 Campaign (per-campaign instance)

donate() payable

Accepts any MATIC amount. Increments totalRaised. Calls DonationReceipt.mint(). Emits DonationReceived.

approveMilestone(index) — operator only

Sets milestone.operatorApproved = true. Emits MilestoneOperatorApproved.

approveMilestone(index) — director only

Sets milestone.directorApproved = true. If both flags true, immediately transfers targetAmount to milestone.recipient. Emits MilestoneDisbursed.

getMilestone(index)

Returns full milestone tuple: description, targetAmount, recipient, operatorApproved, directorApproved, disbursed.

getMilestoneCount()

Returns total milestone count.

totalRaised / totalDisbursed / availableFunds

View functions returning current fund state in wei.

3.3 DonationReceipt (ERC-721 Soulbound)

Deployed at: 0x2Bd17aD3abE1783B2006B47A9d415457178C2422

mint(to, campaignId, amount) — campaign contract only

Mints a token to the donor address. Only authorised Campaign contracts can call this.

transferFrom / safeTransferFrom

Overridden to revert. Tokens are permanently soulbound to the original recipient.

getReceiptData(tokenId)

Returns campaignId, amount (wei), timestamp, donor address.

tokenURI(tokenId)

Returns on-chain base64 JSON metadata with receipt attributes.

4. Governance Model

4.1 Current Model (v1)

In version 1, the platform is governed by a founding multi-signature arrangement:

Platform Owner

Deploys new campaigns via CampaignFactory. Cannot touch campaign funds. Cannot override milestone approvals.

Campaign Operator

Submits first milestone approval. Provides evidence documentation. Cannot unilaterally release funds.

Independent Director

Countersigns milestone disbursements. Acts as fiduciary check. Has no relationship with the operator.

4.2 Path to Decentralisation

Phase 3 roadmap introduces DAO governance where MATIC-weighted votes determine Independent Director elections, fee structure changes (capped at 1% maximum), and campaign approval criteria. The founding multi-sig retains veto rights during a 2-year transition period to prevent hostile governance capture.

5. Security Analysis

HIGHMITIGATEDReentrancy Attack

Milestone disbursement follows checks-effects-interactions pattern. State is updated before external call. OpenZeppelin ReentrancyGuard applied.

CRITICALMITIGATEDOperator Unilateral Fund Drain

Operator approval alone is never sufficient. Director countersignature required. Operator has no withdraw() function.

CRITICALMITIGATEDPlatform Admin Fund Capture

Platform owner can only deploy new campaigns. No admin function exists to access campaign escrow funds.

HIGHMITIGATEDInteger Overflow on Amounts

Solidity 0.8.x provides built-in overflow/underflow protection. No unsafe math libraries used.

MEDIUMMITIGATEDNFT Transfer / Market Speculation

DonationReceipt overrides all ERC-721 transfer functions to revert. Tokens cannot leave the minted wallet under any circumstances.

LOWACCEPTABLEDeadline Timestamp Manipulation

Block timestamps on Polygon are reliable to within ~15 seconds. Campaign deadlines use a ±1 hour grace window for edge cases.

6. Economic Model

Child First Platform issues no proprietary token. There is no ICO, no token sale, no pre-mine, and no speculative value proposition. The platform uses MATIC exclusively as the donation currency.

Platform fee

100%

To beneficiaries

~$0.01

Gas cost per tx

Future platform sustainability may be funded via an optional, community-voted protocol fee capped at 1% of disbursements — not donations. This means donors always see 100% of their donation enter the campaign escrow.

See the full Tokenomics page for detailed economic parameters.

7. Legal & Compliance

7.1 Platform Status

Child First Platform is a technology infrastructure provider. It is not itself a registered charity, non-profit, or financial institution. Individual campaigns are operated by verified third-party organisations who bear responsibility for their own legal and tax compliance.

7.2 Operator Requirements

•Government-issued identity documentation for all key persons

•Proof of registered non-profit, NGO, or charitable status in country of operation

•Verified beneficiary documentation (no personally identifying information for minors)

•Bank account or wallet ownership proof in organisation name

•Signed platform terms including anti-fraud attestation

7.3 Donor Protections

Donors retain the following protections enforced in code:

✓Funds can only reach verified milestone recipient wallets — not the operator's personal wallet

✓If a campaign expires without meeting milestones, remaining funds can be administratively returned to original donor addresses via refund mechanism

✓NFT receipt provides permanent donation proof independent of platform infrastructure

7.4 AML / KYC Policy

Operators are fully KYC-verified prior to campaign listing. Donor wallets are pseudonymous but all on-chain activity is permanently public. The platform reserves the right to freeze or terminate campaigns where credible fraud evidence emerges, in which case director approval for any further disbursement will be withheld.

Legal Disclaimer: Donations to campaigns on Child First Platform may or may not qualify for charitable tax deductions in your jurisdiction. Consult a qualified tax advisor. Child First Platform does not provide tax, legal, or financial advice.

8. Risk Factors

Smart Contract Risk

Despite security measures, undiscovered vulnerabilities may exist. Only donate amounts you are comfortable with. Independent audit is in progress.

MATIC Price Volatility

The MATIC price may decrease between donation and disbursement, reducing the real-world value reaching beneficiaries.

Operator Misconduct

Campaign operators may provide false evidence for milestone signing. The Independent Director process, AML policy, and legal recourse are the primary defences.

Regulatory Change

Cryptocurrency regulations may change in ways that affect platform operation or donor tax treatment.

Polygon Network Risk

If Polygon mainnet experiences extended downtime or a consensus failure, fund access may be temporarily impaired.

Platform Infrastructure Failure

If Child First's website and database become inaccessible, campaign management is impaired but funds remain safely on-chain and accessible via direct contract interaction.

9. Roadmap

Q1–Q2 2026Current

•Polygon mainnet deployment
•CampaignFactory + DonationReceipt live + verified
•First 3 pilot campaigns
•Public web application live

Q3 2026Next

•USDC stablecoin donation support
•Self-service operator portal
•Mobile wallet UX improvements
•Independent security audit (external auditor)

Q4 2026Planned

•Impact credential system for repeat donors
•Cross-chain support (Base, Arbitrum)
•API access for third-party integrations
•Annual transparency report publication

Q1 2027+Future

•DAO governance launch
•Community-elected Independent Directors
•Layer 2 micro-donation support
•Mobile app (iOS / Android)

Child First Platform — Technical Whitepaper v1.0 — April 2026

Smart contracts: MIT License. Deployed on Polygon mainnet (chain 137).

Source verified: CampaignFactory ↗ • DonationReceipt ↗