Platform
How It Works
The SIGNS Club platform is a token-gated members portal built on Next.js with Solana wallet authentication. Access is determined entirely on-chain, with no off-chain allow-lists or manual approvals.
Platform Overview
Next.js App Router
The site is built on Next.js 14 with the App Router, enabling server-side rendering, API routes, and client-side interactivity in a single unified framework.
Persistent Member Data
Member records, referral codes, and reward schedules are stored in a cloud-hosted database. All sensitive data is tied to wallet addresses, with no email or personal identifiers required.
Solana Wallet Adapter
We integrate the official Solana Wallet Adapter library, supporting Phantom, Solflare, Backpack, Ledger hardware wallets, and any wallet that implements the Solana Wallet Standard.
On-Chain Balance Checks
Tier eligibility is verified directly on-chain via the Solana RPC at every sign-in. Holding the required SIGNS balance is the only access requirement.
Wallet Authentication Flow
SIGNS uses a Sign-In With Solana (SIWS) style authentication flow. No passwords, no email. Your wallet is your identity.
Connect Your Wallet
Click Connect in the navbar. If you are not on the members page, you are redirected to /members to begin the sign-in flow. The Solana Wallet Adapter modal opens and you select your wallet.
Challenge Issued
The server issues a one-time cryptographic challenge containing a nonce, timestamp, domain, and expiry. This challenge is unique per session and expires quickly.
Sign the Message
Your wallet is asked to sign the challenge message. For standard hot wallets (Phantom, Solflare), this uses a direct message signature; no SOL is spent. For Ledger hardware wallets, a zero-value transaction with a memo is signed instead.
Signature Verified
The server verifies the signature against your public key, confirms the nonce has not been used before, and checks that the challenge has not expired.
Balance Checked On-Chain
Your SIGNS token balance is fetched directly from the Solana blockchain. Holding 100,000+ SIGNS grants Tier 1 access. Holding 3,000,000+ SIGNS (or a Seeker Genesis NFT) grants Tier 2 access.
Session Created
A signed, encrypted session cookie is issued. You remain authenticated for the duration of your session. Re-authentication is required if you clear cookies or the session expires.
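The challenge, signature, nonce and expiry checks from the steps above, as an added example that is not the platform's own code. The domain, TTL, message layout, function names and in-memory nonce store are assumptions; the sketch covers the direct message-signature path only, not the Ledger transaction fallback.

```javascript
// Added example: names, domain and TTL are assumptions, not the platform's code.
const { randomBytes, generateKeyPairSync, sign, verify } = require('node:crypto');

const DOMAIN = 'members.example';   // placeholder domain
const TTL_MS = 5 * 60 * 1000;       // assumed; the page only says the challenge expires quickly
const pending = new Map();          // nonce -> challenge; stand-in for a shared server-side store

// Raw 32-byte Ed25519 key as hex (a real Solana address is the base58 form of these bytes).
const addressOf = (publicKey) =>
  publicKey.export({ format: 'der', type: 'spki' }).subarray(12).toString('hex');

function issueChallenge(publicKey, now = Date.now()) {
  const nonce = randomBytes(16).toString('hex');
  const expiresAt = now + TTL_MS;
  const message = [
    `${DOMAIN} wants you to sign in with your Solana account:`,
    addressOf(publicKey),
    `Nonce: ${nonce}`,
    `Issued At: ${new Date(now).toISOString()}`,
    `Expiration Time: ${new Date(expiresAt).toISOString()}`,
  ].join('\n');
  pending.set(nonce, { message, publicKey, expiresAt });
  return { nonce, message };
}

function verifySignIn(nonce, signature, now = Date.now()) {
  const challenge = pending.get(nonce);
  if (!challenge) return 'unknown-or-used-nonce';
  pending.delete(nonce); // consume before any other check so a nonce is never usable twice
  if (now > challenge.expiresAt) return 'expired';
  // Verify over the message the server stored, never over text supplied by the client.
  const ok = verify(null, Buffer.from(challenge.message), challenge.publicKey, signature);
  return ok ? 'ok' : 'bad-signature';
}

// Constructed demo: throwaway keys generated in-process play the wallet.
function demo() {
  const wallet = generateKeyPairSync('ed25519');
  const other = generateKeyPairSync('ed25519');
  const signWith = (key, c) => sign(null, Buffer.from(c.message), key.privateKey);
  const c1 = issueChallenge(wallet.publicKey);
  const sig1 = signWith(wallet, c1);
  const first = verifySignIn(c1.nonce, sig1);
  const replay = verifySignIn(c1.nonce, sig1);
  const c2 = issueChallenge(wallet.publicKey, 0);
  const expired = verifySignIn(c2.nonce, signWith(wallet, c2), TTL_MS + 1);
  const c3 = issueChallenge(wallet.publicKey);
  const wrongKey = verifySignIn(c3.nonce, signWith(other, c3));
  return { first, replay, expired, wrongKey };
}
```

With several server instances, the nonce store has to be shared and the lookup-and-delete has to be atomic, otherwise two concurrent requests can both accept the same nonce.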
Security Design
No Private Keys
The platform never requests, stores, or transmits your private keys. Only cryptographic signatures are used for authentication.
Replay Prevention
Each challenge contains a unique nonce and expiry. Used nonces are invalidated server-side, preventing replay attacks.
Ledger Compatible
Hardware wallet users (Ledger) are fully supported via a transaction-based signing fallback, so cold storage holders are never locked out.
Minimal Data Retention
The platform stores only your wallet address, tier assignment, referral data, and optional profile preferences. No financial data beyond on-chain balances.