Skip to content
Gatoll logo Gatoll

Claim & Settlement

A claim settles only against a voucher the verifier signed for a participant who passed the Gates. The contract re-checks everything on-chain before releasing funds.

The EIP-712 voucher

Section titled “The EIP-712 voucher”

The voucher is an EIP-712 typed-data signature over a ClaimAuth struct. The domain binds the signature to a specific pool:

domain = {
  name: "GatollRewardPool",
  version: "1",
  chainId,
  verifyingContract: <pool address>
}


ClaimAuth = {
  address poolAddress;   // the target pool
  address recipient;     // who may claim
  uint256 amount;        // fungible amount or NFT count
  uint256[] tokenIds;    // NFT ids (empty otherwise)
  uint256 deadline;      // expiry (unix seconds)
  uint256 nonce;         // single-use, issued by the verifier
}

The flow

Section titled “The flow”
  1. The participant passes the Loot’s Gates.
  2. The verifier issues a ClaimAuth for the participant’s wallet, pins a single-use nonce for that (pool, recipient), sets a short deadline, and signs it.
  3. The participant submits claim(auth, signature) to the pool.
  4. The pool verifies and, if everything holds, computes or reads the allocation and transfers it.

For Random and Equal Loots the voucher carries a zero allocation and the contract computes the amount at claim time; for Custom Loots the verifier signs the exact amount or token IDs.

On-chain verification

Section titled “On-chain verification”

The pool independently checks, before moving any funds:

  • the signature recovers to the pool’s snapshotted verifier address;
  • poolAddress equals this pool (no cross-pool reuse);
  • recipient equals the caller (no one else can use your voucher);
  • deadline has not passed;
  • the nonce has not been used;
  • the recipient has not already claimed, and a seat is available.

Replay protection

Section titled “Replay protection”

Four independent properties make a voucher non-replayable: it is bound to one pool (domain + poolAddress), to one recipient, to a single-use nonce the contract burns on use, and to a short deadline. On top of that, the contract enforces one claim per wallet per Loot. A leaked or reused voucher is inert — it can only ever do exactly what the verifier authorized, once.

This is the crux of Gatoll’s trust model: the verifier decides eligibility, but the contract decides settlement. Even a misbehaving verifier cannot make the pool pay an ineligible address twice or pay against the wrong pool.