# Identity and Tiers Access to the USDREFI vault is gated by a progressive identity system. Every depositor must hold a valid Self verification. Higher deposit caps unlock via Prosperity Pass levels. The vault itself contains zero identity logic — it simply reads a tier number from the TierRegistry. ## Architecture: API → Registry → Vault The identity system has three layers: 1. **Off-chain API** — Checks Self verification status and Prosperity Pass level, determines tier (1, 2, or 3) 2. **On-chain TierRegistry** — Stores the result as a simple `mapping(address → uint8)`, writable by the API signer and Foundation Safe 3. **Vault** — Calls `tierRegistry.tierOf(receiver)` during deposit and applies the tier cap. No identity awareness beyond the tier number. This design means tier logic can change — new providers, different thresholds, governance overrides — without redeploying the vault or registry. Only the API needs updating. ## Tier Definitions | Tier | Eligibility | Per-User Cap | Assigned By | | -------------------- | ------------------------------- | -------------- | --------------- | | **0** (unregistered) | No Self verification | Cannot deposit | — | | **1** | Self verified | $500 | API (automatic) | | **2** | Self + Prosperity Pass Level 3+ | $5,000 | API (automatic) | | **3** | Self + Prosperity Pass Level 5+ | $15,000 | API (automatic) | ## Self Verification [Self](https://self.xyz/) provides the baseline identity layer. Every depositor must complete Self verification, confirming they are a unique human via self-sovereign cryptographic attestation. The API checks this off-chain before assigning any tier. ## Prosperity Pass [Prosperity Pass](https://prosperity.celo.org/) is Celo's on-chain reputation system built on Safe infrastructure by CeloPG and Kolektivo Labs. Users link wallets, claim badges for governance participation, events, and on-chain activity, earning Prosperity Points that determine their level. The API maps Prosperity Pass levels to deposit tiers: * **Level 3+** → Tier 2 ($5,000 cap) * **Level 5+** → Tier 3 ($15,000 cap) ## TierRegistry Contract A minimal on-chain contract storing per-address tier assignments: ```solidity mapping(address => uint8) public tierOf; function setTier(address user, uint8 tier) external onlyAuthorized; function setTierBatch(address[] users, uint8[] tiers) external onlyAuthorized; // Authorized: API signer + Foundation Safe (admin override) ``` The TierRegistry is intentionally generic. Future identity providers, reputation systems, or governance-based allowlisting can all feed into the same interface without changes to the vault or registry contracts.