How It Works
Seven steps from wallet connection to token mint. Every step is verifiable on-chain.
Connect Wallet
Sign a message (KOAN:{timestamp}) with your Solana wallet using Ed25519. This proves wallet ownership without exposing your private key.
Solve Proof of Work
Compute a SHA-256 nonce that produces a hash with 20 leading zero bits. This prevents spam while remaining GPU-free.
Request a Koan
Submit your PoW solution and auth headers to GET /api/captcha. The server validates everything, checks rate limits, and generates a puzzle.
Solve the Koan
You receive a logic, math, sequence, pattern, or wordplay puzzle with 4 multiple-choice options. Solve it within the time limit.
Submit Answer
POST to /api/captcha/solve with your session ID and answer. Case-insensitive comparison. You get 3 attempts per session.
Mint $KOAN
On correct answer, the server mints 30–200 $KOAN tokens directly to your wallet's associated token account on Solana.
Cooldown & Repeat
A 5-minute cooldown begins. After it expires, you can mine again. 3 wrong answers triggers a 1-hour lockout instead.
Signing Process
// 1. Create the message const timestamp = Math.floor(Date.now() / 1000); const message = `KOAN:${timestamp}`; // 2. Sign with wallet (Ed25519) const encoded = new TextEncoder().encode(message); const signature = await wallet.signMessage(encoded); // 3. Send with headers headers: { "X-Wallet-Address": wallet.publicKey, "X-Signature": btoa(signature), "X-Timestamp": timestamp.toString() }
SHA-256 Challenge
// Verify: SHA256(challenge + nonce) has ≥ 20 leading zero bits function solvePoW(challenge: string, difficulty: number) { let nonce = 0; while (true) { const hash = SHA256(challenge + nonce.toString()); if (leadingZeroBits(hash) >= difficulty) { return nonce.toString(); } nonce++; } }
At 20-bit difficulty, expect ~1M hash attempts. This takes 1–3 seconds on modern hardware. The challenge is fetched from GET /api/pow/challenge and is valid for 120 seconds.