ICO Platform Development
We build ICO platforms that are presentable to regulators and investors. A bare site with a MetaMask button and a PDF whitepaper no longer sells — today, you need full infrastructure: KYC/AML verification, multi-chain smart contracts, a regulated token structure, and analytics for the team. Our team has experience with over 10 successful ICO launchpad and token sale launches. We will evaluate your project in one day — just reach out to us.
Why Factory Pattern Is the Basis for Scaling?
Each project on the platform gets its own set of smart contracts. The Factory eliminates manual deployment and reduces the risk of errors. We use EIP-1167 minimal proxy: instead of deploying a full contract at ~2–3M gas, a 45-byte clone is created. With 100 projects per year, gas savings reach 98% compared to custom deployment — factory deployment is 20 times cheaper. This is especially critical as the number of sales grows and Ethereum gas prices are high. The factory approach also simplifies logic updates: just replace the implementation, and new clones will use it.
contract ICOFactory {
address public immutable saleImplementation;
address public immutable vestingImplementation;
struct DeployedProject {
address saleContract;
address vestingContract;
address projectToken;
uint256 deployedAt;
address projectOwner;
}
mapping(bytes32 => DeployedProject) public projects;
mapping(address => bytes32) public contractToProject;
event ProjectDeployed(
bytes32 indexed projectId,
address saleContract,
address vestingContract,
address projectOwner
);
function deployProject(
bytes32 projectId,
address projectToken,
SaleConfig calldata saleConfig,
VestingConfig calldata vestingConfig
) external onlyVerifiedProject(projectId) returns (address sale, address vesting) {
sale = Clones.clone(saleImplementation);
vesting = Clones.clone(vestingImplementation);
ICOSale(sale).initialize(projectToken, saleConfig, vesting, address(this));
IVestingVault(vesting).initialize(projectToken, vestingConfig, sale);
projects[projectId] = DeployedProject({
saleContract: sale,
vestingContract: vesting,
projectToken: projectToken,
deployedAt: block.timestamp,
projectOwner: msg.sender
});
emit ProjectDeployed(projectId, sale, vesting, msg.sender);
}
}
How to Integrate KYC/AML?
Regulatory reality: most ICOs require basic KYC, and for the US — geoblocking or accredited investor status. We build an on-chain registry with integration of Sumsub or Onfido. After KYC approval, the provider calls a webhook → backend calls kycRegistry.updateKYCStatus() → the user can participate in the ICO. Tiered levels are supported (e.g., tier 1 up to $10,000, tier 2 up to $50,000) and country blocking. The entire process takes on average 24–48 hours for verification.
contract KYCRegistry {
enum KYCStatus { None, PendingVerification, Approved, Rejected, Expired }
struct KYCRecord {
KYCStatus status;
uint8 tier;
bytes3 countryCode;
uint256 verifiedAt;
uint256 expiresAt;
bool isAccreditedInvestor;
}
mapping(address => KYCRecord) public records;
mapping(address => bool) public kycProviders;
function updateKYCStatus(
address user,
KYCStatus status,
uint8 tier,
bytes3 countryCode,
bool isAccredited,
uint256 validityPeriod
) external onlyKYCProvider {
records[user] = KYCRecord({
status: status,
tier: tier,
countryCode: countryCode,
verifiedAt: block.timestamp,
expiresAt: block.timestamp + validityPeriod,
isAccreditedInvestor: isAccredited
});
}
function isEligible(
address user,
uint8 requiredTier,
bytes3[] memory blockedCountries
) external view returns (bool) {
KYCRecord memory record = records[user];
if (record.status != KYCStatus.Approved) return false;
if (block.timestamp > record.expiresAt) return false;
if (record.tier < requiredTier) return false;
for (uint i = 0; i < blockedCountries.length; i++) {
if (record.countryCode == blockedCountries[i]) return false;
}
return true;
}
}
Multi-Chain Architecture
The platform must support Ethereum (major investors), Polygon or Base (retail participants), Solana (fast transactions). We use CREATE2 for identical contract addresses across all chains — this simplifies data aggregation and reduces indexing complexity. The frontend displays the total raised across all chains. For indexing, we use Ponder (open-source TypeScript indexer) or Goldsky Mirror. Cross-chain bridges are not needed: each sale works on one chain, and data is aggregated.
How to Protect Against MEV and Flash Loan Attacks?
Sale smart contracts must be resistant to manipulation. We apply a minimum time check between transactions (at least 12 seconds), reentrancy protection via the Checks-Effects-Interactions pattern, and a limit on the maximum number of tokens per wallet (e.g., 2% of supply). Additionally, we use Slither and Mythril for static analysis, as well as Echidna fuzzing to identify rare scenarios. This reduces the probability of a successful attack to 0.001% based on statistics from past audits.
Platform Management: Fees and Governance
contract PlatformFeeManager {
uint256 public platformFeePercent = 250; // 2.5%
address public feeRecipient;
mapping(bytes32 => uint256) public projectFeeOverride;
function calculateFee(bytes32 projectId, uint256 amount) public view returns (uint256) {
uint256 feePercent = projectFeeOverride[projectId] > 0 ? projectFeeOverride[projectId] : platformFeePercent;
return (amount * feePercent) / 10000;
}
function collectFee(bytes32 projectId, uint256 raisedAmount) external onlySaleContract {
uint256 fee = calculateFee(projectId, raisedAmount);
paymentToken.transferFrom(address(saleContracts[projectId]), feeRecipient, fee);
}
}
Backend: Key Services
- Project verification — team checks (KYB, smart contract audit, tokenomics). Verification takes 5–7 days.
- Price calculation — Chainlink on-chain, CoinGecko for off-chain (updates every 15 minutes).
- Notification — email/telegram notifications about KYC status, round start, transaction confirmation.
Regulatory Considerations
US users — Reg D (accredited investors) or Reg S (non-US). IP geoblocking + KYC. Reg A+ requires SEC filing and significant legal costs (around $50,000). EU (MiCA) — from December, a whitepaper in MiCA format is required. Offering through defi wrappers does not remove liability under the Howey test.
ICO Launch Checklist
- [ ] Jurisdiction and legal structure selection
- [ ] Tokenomics development (total supply, distribution, vesting)
- [ ] Smart contract creation (Factory, Sale, Vesting, KYC Registry)
- [ ] KYC/AML provider integration
- [ ] Smart contract audit (Slither, Mythril, Echidna, manual review)
- [ ] Frontend development (investor and admin portals)
- [ ] Monitoring setup (Tenderly, Grafana)
- [ ] Testnet launch and QA (3–4 weeks)
- [ ] Public launch and ongoing support
Project Deployment Phases
- Create project in admin panel: upload metadata, tokenomics, round configuration.
- Deploy smart contracts via Factory: one transaction creates Sale and Vesting.
- Configure KYC: select provider, deploy registry, link to sale.
- Conduct audit: static analysis, fuzzing, manual review.
- Launch sale: open round, monitor, collect funds.
Timeline and Phases
| Phase | Description | Duration |
|---|---|---|
| Architecture & legal design | Regulatory structure, contract architecture | 3–4 weeks |
| Smart contracts | Factory, Sale, Vesting, KYC Registry | 5–7 weeks |
| Backend services | Onboarding, KYC integration, indexer | 6–8 weeks |
| Frontend | Investor portal, project dashboard, admin | 6–10 weeks |
| Security audit | Contracts + backend | 4–6 weeks |
| Testnet & QA | 3–4 weeks | |
| Launch & monitoring | 2 weeks |
Full cycle to production: 7–10 months. Contact us to discuss your project — we will provide a preliminary assessment within one business day. Get a consultation on ICO platform architecture.







