A decentralized freelancer marketplace built on Stellar (Soroban) that provides secure, trustless escrow services for freelance work agreements.
Live Demo Β· Documentation Β· Contributing Β· Open Issues
SecureFlow was built for and won the Stellar Scaffold Hackathon β a global competition challenging builders to ship production-grade dApps using the Stellar Scaffold CLI toolchain on Soroban.
The project stood out for its complete end-to-end implementation: a Soroban smart contract handling real on-chain escrow logic, a React frontend auto-wired to contract clients via stellar-scaffold, and a gasless relay backend that makes blockchain interactions seamless for users.
"SecureFlow demonstrates exactly what Scaffold is meant to enable β a full-stack Stellar dApp with contract, client, and UI wired together from day one." β Hackathon Judges
SecureFlow solves the freelance trust problem. When you hire someone online today, you either pay upfront (and risk getting nothing) or pay after (and the freelancer risks getting stiffed). SecureFlow puts funds into a Soroban smart contract that neither party controls β it releases payment automatically when milestones are approved, or triggers dispute resolution when they're not.
Key properties:
- Trustless β no intermediary holds funds, the contract does
- Transparent β all state is on-chain and auditable
- Fair β multi-arbiter dispute resolution with on-chain reputation
- Fast & cheap β Stellar settles in ~5 seconds for fractions of a cent
| Feature | Description |
|---|---|
| Smart Contract Escrow | Funds locked in Soroban until milestone approval |
| Milestone Payments | Break projects into chunks; each unlocks individually |
| Open Job Marketplace | Freelancers browse and apply; clients pick the best fit |
| Direct Contracts | Skip the marketplace and contract a known freelancer |
| Dispute Resolution | Multi-arbiter voting with admin oversight |
| Reputation System | On-chain star ratings and badge tiers (Beginner β Expert) |
| Multi-Token Support | Native XLM or any whitelisted Stellar asset |
| Gasless Relay | Backend relay lets users transact without holding XLM |
| Rating Notifications | Real-time notification center for ratings and milestone events |
- All write operations require Stellar account authorization
- Token whitelist β only approved assets accepted
- Arbiter authorization gating
- Configurable platform fees sent to designated collector
- Emergency deadline-based refunds built into contract
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β SecureFlow β
βββββββββββββββ¬βββββββββββββββββββ¬βββββββββββββββββββββββββ€
β Frontend β Backend β Soroban Contract β
β React 19 β Express (Node) β Rust / Soroban SDK β
β Vite β Supabase β β
β Zustand β Groq AI β Admin Module β
β Radix UI β Gasless Relay β Escrow Core β
β shadcn/ui β β Marketplace β
β β β Work Lifecycle β
β β β Refund System β
β β β Dispute Resolution β
βββββββββββββββ΄βββββββββββββββββββ΄βββββββββββββββββββββββββ
β β β
Stellar Wallets Kit Stellar SDK / Horizon
β
Stellar Network
contracts/secureflow/src/
βββ admin.rs # Platform config, pause, fee management
βββ escrow_core.rs # Core data model and state machine
βββ escrow_management.rs # Escrow creation and lifecycle
βββ marketplace.rs # Job listings and applications
βββ work_lifecycle.rs # Milestone submit/approve/reject
βββ refund_system.rs # Refund and emergency mechanisms
βββ storage_types.rs # All on-chain data structures
βββ lib.rs # Contract entrypoint
| Layer | Technology |
|---|---|
| Smart Contract | Rust, Soroban SDK |
| Frontend Framework | React 19, TypeScript, Vite |
| UI | Tailwind CSS, Radix UI, shadcn/ui |
| State | Zustand |
| Routing | React Router v7 |
| Forms | React Hook Form + Zod |
| Backend | Node.js, Express, Supabase |
| AI | Groq (cover letter analysis) |
| Wallet | @creit.tech/stellar-wallets-kit |
| Toolchain | Stellar Scaffold CLI |
| CI/CD | GitHub Actions, Vercel, Railway |
# Rust toolchain
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
rustup target add wasm32v1-none
# Node.js 22+
node --version # v22 or higher
# Stellar CLI + Scaffold plugin
cargo install stellar-scaffold-cli# 1. Clone
git clone https://github.com/HyperSafeD/SecureFlow-scaffold.git
cd SecureFlow-scaffold
# 2. Install frontend dependencies
npm install
# 3. Configure environment
cp .env.example .env
# Edit .env β see Environment Variables section below
# 4. Start Stellar local network (Docker required)
docker run --rm -p 8000:8000 stellar/quickstart:testing --local
# 5. Build contract and auto-generate TypeScript clients
stellar scaffold build --build-clients
# 6. Start frontend
npm run dev
# β http://localhost:5173
# 7. (Optional) Start backend
cd backend && npm install && npm run devFrontend (.env)
VITE_STELLAR_NETWORK=testnet # local | testnet | mainnet
VITE_SECUREFLOW_CONTRACT_ID= # deployed contract address
VITE_OWNER_ADDRESS= # admin stellar address
VITE_API_URL=http://localhost:3001 # backend URLBackend (backend/.env)
SUPABASE_URL=
SUPABASE_SERVICE_KEY=
GROQ_API_KEY=
PORT=3001npm run build # frontend β dist/
cd backend && npm run build # backend β backend/dist/Client creates job β Funds locked in escrow contract
Freelancers apply β Client selects best applicant
Freelancer starts β start_work() changes status to InProgress
Milestone done β submit_milestone() notifies client
Client reviews β approve (pay) / reject (revise) / dispute
On dispute β Arbiters vote β Admin resolves β XLM released
All done β Contract marked Completed, reputation updated
Pending ββstart_workβββΆ InProgress ββall approvedβββΆ Released
β β
refund() dispute raised
β β
βΌ βΌ
Refunded Disputed ββadmin resolvesβββΆ Resolved
NotStarted β Submitted β Approved (payment released)
Submitted β Rejected β (freelancer resubmits)
Submitted β Disputed β Resolved
Core Functions (click to expand)
// Create a new escrow job
pub fn create_escrow(
depositor: Address,
beneficiary: Option<Address>, // None = open marketplace job
arbiters: Vec<Address>,
required_confirmations: u32,
milestones: Vec<(i128, String)>,
token: Option<Address>, // None = native XLM
total_amount: i128,
duration: u32,
project_title: String,
project_description: String,
) -> Result<u32, Error>
// Marketplace
pub fn apply_to_job(escrow_id: u32, cover_letter: String, proposed_timeline: u32, freelancer: Address) -> Result<(), Error>
pub fn accept_freelancer(escrow_id: u32, freelancer: Address, depositor: Address) -> Result<(), Error>
// Work lifecycle
pub fn start_work(escrow_id: u32, beneficiary: Address) -> Result<(), Error>
pub fn submit_milestone(escrow_id: u32, milestone_index: u32, description: String, beneficiary: Address) -> Result<(), Error>
pub fn approve_milestone(escrow_id: u32, milestone_index: u32, depositor: Address) -> Result<(), Error>
pub fn reject_milestone(escrow_id: u32, milestone_index: u32, reason: String, depositor: Address) -> Result<(), Error>
// Refunds
pub fn refund_escrow(escrow_id: u32, depositor: Address) -> Result<(), Error>
pub fn emergency_refund_after_deadline(escrow_id: u32, depositor: Address) -> Result<(), Error>
// Reputation
pub fn rate_freelancer(escrow_id: u32, rating: u32, review: String, depositor: Address) -> Result<(), Error>SecureFlow-scaffold/
βββ contracts/
β βββ secureflow/ # Soroban smart contract (Rust)
β βββ src/
βββ src/ # React frontend
β βββ components/
β β βββ admin/
β β βββ approvals/
β β βββ chat/
β β βββ create/
β β βββ dashboard/
β β βββ jobs/
β β βββ ui/ # shadcn/ui components
β βββ contexts/ # Web3 + wallet context
β βββ contracts/ # Auto-generated Soroban clients
β βββ hooks/
β βββ lib/ # API client, utils
β βββ pages/
β βββ providers/
βββ backend/ # Express API + Supabase
β βββ src/
β βββ routes/
β βββ lib/ # Supabase, Groq clients
β βββ middleware/
βββ packages/ # npm workspace packages
βββ supabase/ # DB migrations
βββ environments.toml # Stellar network configs
βββ Cargo.toml
βββ package.json
SecureFlow is an open-source project growing beyond the hackathon. We welcome contributors at every level β Rust contract devs, React engineers, and everything in between.
- Check the open issues β they're labelled and scoped to be tackled solo
- Fork the repo and create a branch:
git checkout -b feat/your-feature - Make your changes (run
npm run lintandnpm testbefore pushing) - Open a PR against
main
| Label | Meaning |
|---|---|
good first issue |
Small, well-scoped β great entry point |
contract |
Soroban / Rust smart contract work |
frontend |
React / TypeScript UI work |
backend |
Node.js / Express / Supabase work |
security |
Security-critical changes |
enhancement |
New features |
bug |
Something broken |
performance |
Speed / cost improvements |
testing |
Test coverage |
documentation |
Docs and guides |
Please read CONTRIBUTING.md and CODE_OF_CONDUCT.md before submitting.
| Service | Purpose | Status |
|---|---|---|
| Vercel | Frontend hosting |  |
| Railway | Backend API | Active |
| Stellar Testnet | Smart contract | Active |
MIT β see LICENSE.
π Stellar Scaffold Hackathon Winner
Built with Rust, React, and the Stellar ecosystem.
Open source under HyperSafeD β contributions welcome.
Stellar Β· Soroban Docs Β· Scaffold CLI Β· HyperSafeD