LegitiMint

Inspiration

Both of us are current students at the University of Waterloo, and we’ve experienced firsthand the competitive—and often discouraging—reality of the student job search. Despite dedicating time and effort to clubs, hackathons, research, and volunteering, we found that many peers succeeded by exaggerating or fabricating experiences on their resumes.

We kept thinking: what if honesty didn’t put you at a disadvantage? LEGITIMINT was born from that frustration—built to empower students to prove their achievements in a way that’s verifiable, permanent, and fair.

What it does

LEGITIMINT is a blockchain-based credential verification platform that allows students to securely prove their real-world involvement in extracurriculars, research, and other university activities. Verified authority figures—such as professors, club presidents, and program coordinators—can mint NFTs to students’ wallets as records of completion or participation. These NFTs are not simply digital collectibles; they contain metadata that identifies the activity, issuer, date, and other relevant details. The tokens are permanently stored on-chain and publicly viewable, creating an uneditable record of a student’s accomplishments. Students can build a verified portfolio, while recruiters can view an honest summary of their non-academic growth and contributions.

How we built it

We built LEGITIMINT using a modern full-stack Web3 architecture. The frontend is built with Next.js and TypeScript, using Wagmi and RainbowKit for wallet authentication and Ethereum smart contract interaction. Users are routed based on their role—admins are presented with a minting dashboard, and students can access their personalized NFT profiles. The interface also supports public recruiter views for any wallet address. Our backend is built with Express.js and TypeScript. It handles user registration, role assignment, NFT minting requests, and IPFS metadata uploads. We use the Pinata API to store metadata and images securely on IPFS, ensuring that all activity records are decentralized and verifiable. The backend also integrates with ethers.js to call smart contract functions and manage minting on behalf of verified admins. The smart contract is written in Solidity and deployed to the Polygon Mumbai testnet. It uses the ERC-721 standard via OpenZeppelin and implements role-based access control so that only verified admins can mint tokens. Each minted NFT contains embedded metadata referencing the student, the activity, and other descriptive elements. We use Supabase with PostgreSQL as our database for managing users and activity logs. Supabase allows us to securely store wallet-role mappings and enables us to link smart contract events with internal user records. This gives us a secure and auditable way to manage permissions while keeping the Web3 components lightweight and on-chain.

Challenges we ran into

We encountered several technical and design challenges. Uploading images and metadata to IPFS through Pinata required precise handling of multipart form data and file streaming, which proved difficult to get right initially. Managing wallet state and role-based routing across a React frontend also required careful synchronization to prevent race conditions, especially when users refreshed the page or switched accounts. Designing a secure smart contract that enforced proper access control—without introducing unnecessary complexity—was also a challenge, particularly when testing edge cases around role changes or invalid wallet submissions. On top of this, integrating GPT-generated summaries required tuning prompts and response handling to make the outputs both helpful and relevant for recruiters.

Accomplishments that we're proud of

We’re proud that we delivered a complete end-to-end system where verified administrators can mint NFTs, students can receive them, and recruiters can view them without needing to trust the platform itself. We successfully deployed and tested a working smart contract, developed a fully functional role-based UI, and implemented decentralized metadata storage via IPFS.

What we learned

Through this project, we deepened our understanding of smart contract architecture and the practical challenges of building secure Web3 applications. We learned how to use IPFS and Pinata for decentralized file storage and how to integrate blockchain logic into a modern TypeScript/React web app. We also gained experience working with OpenAI’s GPT models in a way that enhances rather than overshadows the product. Importantly, we learned a lot about full-stack coordination—ensuring that every layer, from database to smart contract to frontend, works together securely and reliably under time pressure.

What's next for LegitiMint

We want to continue developing LEGITIMINT into a platform that universities, clubs, and professional associations can actually adopt. We hope to integrate a recruiter dashboard with filtering and search tools, expanding the AI component to connect recruiters to students that fit the kinds they are searching for. We’re also exploring integration with platforms like LinkedIn to allow students to export verified experiences as part of their public resumes. Long term, we want to support additional credential types such as academic certificates, micro-credentials, and even peer-reviewed publications, all backed by verifiable, decentralized infrastructure.

Built With

• express.js
• nextjs
• node.js
• postgresql
• solidity
• tailwind
• typescript