b.
All projects
Blockchain & backend engineer4 min read

LawLedger

A blockchain-based legal document vault built on Ethereum and IPFS with smart contract access control, immutable audit trails, and AI-powered legal document summarization.

EthereumSolidityReactIPFSMongoDBPython
Source
LawLedger — watch demo on YouTube
Watch on YouTube

Watch demo

LawLedger started from a problem that still exists in most legal workflows:

Legal documents are digitally created, but trust around them is still largely manual.

Original agreements are still couriered, notarized copies are still duplicated endlessly, and access control is often enforced through emails, shared drives, or centralized systems that can be modified silently.

I wanted to explore whether blockchain infrastructure could make document integrity and access verification significantly harder to tamper with while keeping storage decentralized.

The problem

Legal document systems face a few recurring issues:

  • centralized storage creates single points of failure
  • document versions become difficult to verify
  • access permissions are managed manually
  • audit trails are fragmented across systems
  • large legal documents are time-consuming to review

Most existing systems optimize convenience first and verifiability second.

LawLedger was designed with the opposite assumption.

What we built

  • Blockchain-backed document registry — document metadata and access permissions stored immutably on Ethereum.
  • Decentralized file storage — uploaded files stored on IPFS using Pinata for content-addressable retrieval.
  • Role-based smart contract access control — lawyers, clients, and legal staff operate under explicit on-chain permissions.
  • AI-powered legal document summarization — transformer-based NLP models generate concise summaries of uploaded legal documents.
  • MetaMask authentication — wallet-based identity and transaction signing without traditional credentials.
  • Audit-ready interaction logs — all document operations become verifiable through blockchain transaction history.

The architecture

The system separates storage, verification, and intelligence into independent layers.

React Frontend

MetaMask Authentication

Ethereum Smart Contracts

IPFS Document Storage

MongoDB Metadata Layer

NLP Summarization Backend

Documents themselves are stored off-chain on IPFS, while hashes, ownership records, and permission logic remain on Ethereum.

This keeps storage scalable while preserving integrity guarantees.

The contract surface

The core workflow revolves around document registration and permission management.

contract DocumentRegistry {
    struct Doc {
        bytes32 cidHash;
        address owner;
        uint64 createdAt;
        bool revoked;
    }
 
    mapping(bytes32 => Doc) public docs;
 
    function register(bytes32 docId, bytes32 cidHash) external { /* ... */ }
 
    function grant(bytes32 docId, address grantee) external { /* ... */ }
 
    function revoke(bytes32 docId) external { /* ... */ }
}

The smart contracts enforce ownership verification and access permissions directly on-chain.

Decisions worth calling out

  • Hashes on-chain, files off-chain — storing entire legal documents on Ethereum would be prohibitively expensive and unnecessary. Only document hashes and metadata are committed on-chain.
  • IPFS for decentralized persistence — content-addressable storage makes document tampering immediately detectable.
  • MetaMask over traditional authentication — wallet-based authentication simplifies identity verification while removing password management complexity.
  • NLP summarization as a secondary layer — summaries improve usability without changing the underlying source document.
  • Immutable audit trails — access changes and document registrations become permanently traceable through blockchain transactions.

Trade-offs I made

One of the biggest trade-offs was balancing decentralization with usability.

Fully encrypted client-side document workflows would improve privacy further, but they would also complicate retrieval, sharing, and NLP processing significantly.

I also intentionally avoided putting the summarization system directly on-chain. AI inference workloads are computationally expensive and far better suited to an off-chain backend architecture.

Security model

LawLedger uses layered verification mechanisms:

  • Ethereum smart contracts for ownership and access control
  • IPFS content hashing for integrity verification
  • MetaMask signatures for authentication
  • role-based authorization enforcement
  • immutable blockchain transaction history for auditability

Every uploaded document becomes cryptographically tied to its recorded hash, making silent modification detectable immediately.

Testing & validation

The system was deployed and tested on the Sepolia testnet.

Validation focused on:

  • role-based permission enforcement
  • document integrity verification
  • access revocation correctness
  • upload latency
  • IPFS retrieval consistency
  • summarization pipeline accuracy

Smart contract permission functions such as grantAccess() and revokeAccess() were tested across multiple role combinations to verify correct access enforcement.

What it taught me

This project changed how I think about trust in software systems.

Most applications rely heavily on centralized assumptions — trusted databases, trusted administrators, trusted logs. Blockchain systems force you to think differently about where trust exists and how much of it can be replaced with verifiable state transitions.

It also taught me that decentralization alone is not enough. Real systems still need practical usability layers, efficient storage strategies, and tooling that people can realistically adopt in everyday workflows.