Technology brief · v1.0 · March 2026

How VAAM
runs on FloraChain.

A concise, plain-language reference for the technical and security teams of brands, regulators, and government partners. VAAM keeps consumer experience simple — but the trust guarantees underneath are deliberately public, auditable and replaceable.

Chain

flora-1
Florachain Testnet

Anchor contract

VEKTR Core
flora14hj2tav…utmry

REST endpoint

testnet-gateway
.metaflora.xyz/api

Denom · prefix

FLORA · uflora
bech32: flora

01 / Overview

Trust is a public good.
Privacy is a default.

VAAM treats blockchain as plumbing — invisible to consumers, vital to the system. We do not put sensitive business data on-chain. We put a cryptographic fingerprint on-chain and keep the data itself in the producer's control.

Off-chain record

The full product record lives in the producer's portal and an IPFS object — never on-chain.

SHA-256 fingerprint

A deterministic content hash is computed client-side in the producer's browser.

Anchored on FloraChain

The hash is written through VEKTR Core via store_data.

Public verification

Any consumer or regulator can re-hash the record and compare it to the on-chain anchor.

02 / The Product Record

What gets hashed.

A canonical JSON record produced when a brand submits a product batch. The record is hashed exactly as serialised — any change of byte changes the hash.

// VAAM product record · canonical JSON · UTF-8
{
  "product_id":           "VAAM-PRL-3405-0815",
  "brand":                "Premium Rice Liquor",
  "batch":                "VN-3405-0815",
  "origin":               "Đà Nẵng, Vietnam",
  "bottle_serial":        "PRL-0815-004182",
  "production_date":      "2026-04-12",
  "verification_status":  "anchored",
  "vaam_badge_id":        "VAAM-VN-MARK-2026",
  "content_hash":         "0x9f3e…c2a7"
}

03 / Anchoring · VEKTR Core

The store_data call.

VEKTR Core is a CosmWasm contract on FloraChain that accepts a content hash, a MIME type, a size, and one or more URIs (e.g. IPFS). It records all of these immutably and emits an event.

// Execute message sent to VEKTR Core
{
  "store_data": {
    "content_hash": "0x9f3eabc4…c2a7",
    "size_bytes":   "412",
    "mime_type":    "application/json",
    "uris": [
      {
        "uri":         "ipfs://demo-vaam-product-record",
        "uri_type":    "ipfs",
        "description": "VAAM alcohol product authenticity record"
      }
    ],
    "author_pubkey":    "<brand pubkey, base64>",
    "author_signature": "<signature over content_hash, base64>"
  }
}

04 / Verification path

Query and prove.

A consumer scan resolves to a public REST query against the FloraChain gateway. No wallet, no sign-in.

Smart query · stored record

GET/cosmwasm/wasm/v1/contract/
{contract_address}/smart/{base64_query}

Latest block

GETtestnet-gateway.metaflora.xyz/api/blocks/latest

Transaction by hash

GET/cosmos/tx/v1beta1/txs/{tx_hash}

Events stream (RPC)

WSStestnet-gateway.metaflora.xyz
?subscribe=tm.event='Tx'

// Base64 query (decoded)
{
  "query_data": {
    "content_hash": "0x9f3eabc4…c2a7"
  }
}

05 / Operating modes

Demo and Live.

The VAAM console runs in two modes. Both share the same UI, the same contract, and the same query path — only the transaction-signing path differs.

Capability

Demo mode

Live mode

Notes

SHA-256 hashing

✓ real

Computed with crypto.subtle

Anchor transaction

simulated

✓ signed

Live mode requires wallet support

FloraChain query

prepared

✓ live REST

Query path is identical in both

Block heights

mocked

✓ live

Pulled from /blocks/latest in live mode

Meeting-ready

✓ always

network-dependent

Demo is the default for live presentations

06 / Security model

What we promise.

VAAM's threat model is explicit: counterfeit injection, duplicate scans, and unilateral data tampering. We do not promise — and do not need — perfect supply-chain custody.

PROVEN
Tamper-evidence. A single byte change in the product record changes the SHA-256 fingerprint, breaking the anchor match.
PROVEN
Duplicate detection. Any code scanned more times than its batch issuance is flagged automatically and routed to the regulator console.
PROVEN
Public auditability. Anyone — regulator, journalist, citizen — can re-derive the hash and re-query the contract. The system has no privileged readers.
OUT OF SCOPE
Physical bottle integrity. VAAM verifies that a code is real. Tamper-evident seals, holographic stamps and refill-prevention are layered separately as Premium Verification add-ons.

07 / SDK & integration

Three lines of code.

Brands integrate via a small JavaScript SDK (or REST). The hash, the anchor, and the verify call are all single methods.

// brand-side anchoring (Node / browser)
import { VAAM } from '@vaam/sdk';

const v = new VAAM({ chain: 'flora-1', mode: 'live' });
const record = await v.record(productData);          // canonicalises + hashes
const tx     = await v.anchor(record, wallet);       // store_data on VEKTR Core
const proof  = await v.verify(record.content_hash); // REST query against flora-1

SDK available for JavaScript, Python and Go. Drop-in helpers for Shopify, Magento, and SAP. Full reference at docs.vaam.vn/sdk (post-launch).

How VAAMruns on FloraChain.

Trust is a public good.Privacy is a default.