Trust the Code, Not the Middleman

1. Executive Summary

Adultra lets adult‑industry creators book shoots and settle payments in USDC on Polygon without ever ceding custody of their funds. With a threshold‑MPC wallet (Web3Auth) and a self‑contained escrow smart contract, we meet global compliance expectations while avoiding money‑transmitter licensing burdens.

2. Wallet Architecture

• MPC key‑split: one share on the user’s device, one encrypted in the Web3Auth network, one optional recovery share.
• Threshold: 2‑of‑3 required to sign; no single party—including Adultra—can move assets unilaterally.
• Gas strategy: Adultra hot‑wallet drip‑feeds POL for fees, but never touches users’ USDC.

3. Escrow Contract Design

Key properties:

• No upgrade proxy; byte‑code hash is immutable once deployed.
• Only the funding producer can call releaseBooking().
• No onlyOwner function can transfer USDC

4. Regulatory Positioning

• FinCEN: 2019 CVC guidance excludes pure wallet software providers.
• State MTL: Software exemption plus no custody — generally out of scope (NYDFS FAQ, TX DOB 1037, CO MTMA §102).
• OFAC: Compliance handled via TRM Labs screening and IP geofencing.

5. Security & Threat Model

1. MPC shard hardening – device share encrypted at rest; cloud share rotated on sign‑in.
2. Threshold immutability – 2‑of‑3 code‑locked; no admin path to 1‑of‑2.
3. No contract pause switch – we prefer risk of temporary outage over centralised seizure powers.

6. On‑Boarding & Recovery

Users sign up with email or socials (WebAuthn). The recovery share lives in encrypted cloud storage only if the user opts in. A lost device can be recovered via social‑login plus guardian factor — never by Adultra alone.

7. Gas Sponsorship

A dedicated hot‑wallet tops up each new address with about 0.02 POL (roughly twenty transactions). Server logic enforces a 24‑hour throttle and TRM watch‑list check before each drip.