Access control system for private Telegram communities based on on-chain wallet balance verification and wallet ownership validation.
This project implements a Telegram bot that validates both token holdings and wallet control before granting access to a private group.
Managing token-based private communities manually introduces several issues:
- users selling the token after gaining access
- shared or resold invite links
- lack of wallet ownership verification
- absence of periodic revalidation
- error-prone and time-consuming manual checks
This system automates access control while ensuring that users both hold the required tokens and control the wallet they claim to own.
- A user starts the verification process via Telegram
- The user selects a supported blockchain network
- The user provides a wallet address
- The system verifies on-chain that the wallet meets the required token balance
- If the balance requirement is met, the system generates a random small transfer amount
- The user is instructed to send that exact amount to the bot’s verification wallet
- After the transfer is made, the user confirms verification via Telegram
- The system checks the blockchain for the exact transfer amount
- Upon successful validation, a single-use invite link is generated
- Verified users are periodically revalidated:
- if token requirements are no longer met, access is automatically revoked
- On-chain token balance verification
- Wallet ownership validation via micro-transfer
- Multi-network support
- ERC-20 token balance checks
- Single-use Telegram invite links
- Periodic automatic revalidation
- Automatic removal on rule violation
- Persistent verification state
- Designed for continuous execution (always-on)
- Off-chain logic (Node.js)
- Blockchain RPC integrations
- Telegram bot as user interface
- On-chain transaction monitoring
- Local persistence for verification state
- Designed to run privately on a VPS
This system is designed to be deployed as a private, self-hosted service.
At a high level, usage involves:
- Running the bot as a long-lived process (e.g. on a VPS)
- Defining supported networks and token balance requirements
- Connecting the bot to a private Telegram group
- Allowing users to initiate verification via Telegram
- Letting the system handle wallet validation, access control, and periodic revalidation automatically
Deployment steps, credentials, and production configuration details are intentionally omitted from this repository.
This system is intentionally designed as a private, non-custodial tool.
The public repository contains a sanitized version:
- no real API keys or secrets
- no production wallet addresses or group identifiers
- no real user data
User verification state is stored locally in JSON files generated at runtime.
These files are intentionally not tracked in version control and are created automatically when the system is executed.
Telegram requires a numeric group_id to generate invite links programmatically.
A small helper script is included under /scripts to retrieve the group ID after adding the bot to the target group. This script is only used during initial setup and is not part of the core verification logic.
This is a functional system actively used in private environments.
The repository is published for demonstrative and educational purposes, focusing on system design, verification flow, and access-control logic rather than deployment configuration.