project-proposal-2025

TicketFair: A Scalable Dutch Auction Platform for Concert Tickets

Abstract

TicketFair revolutionizes concert ticket distribution through a modified Dutch auction with random selection that prevents scalping while maximizing value for fans and artists. The platform requires robust security to protect bid confidentiality, exceptional scalability to handle traffic spikes, and comprehensive testability to verify the fairness of our selection algorithm. TicketFair ensures genuine fans get fair access while artists receive optimal value.

Author

Name: Nissan Dookeran

Student number: 45121586

Functionality

TicketFair provides a comprehensive ticket auction platform designed to create fair access to concert tickets while combating scalping. The complete system will include:

• User & Event Management:
  • Secure registration with identity verification
  • User profiles with purchase history
  • Concert creation interface with custom auction configuration
  • Venue mapping and seat selection
• Auction Engine:
  • Dutch auction mechanism with configurable parameters
  • Real-time price broadcasting to all participants
  • Bid placement with maximum price specifications
  • Random selection timepoint generation after auction close
• Anti-Scalping Measures:
  • Bot detection and prevention
  • Delayed digital ticket delivery (24-48 hours before event)
  • Dynamic QR codes that periodically refresh
  • Identity binding to tickets to prevent unauthorized transfers
• Payment & Marketplace:
  • Secure transaction handling
  • Controlled secondary market with price caps
  • Refund processing for unsuccessful bids
  • Verification of legitimate resellers
• Transparency & Communication:
  • Blockchain-based verification of random selection process
  • Real-time auction status updates and notifications
  • Public audit logs of auction results (anonymized)
  • Analytics dashboards for organizers

The platform will be accessible via web browsers and mobile applications, providing a seamless experience while maintaining integrity and fairness.

Scope

The MVP will deliver core functionality using a hybrid microservice architecture implementable within 3-4 weeks:

• User Service:
  • Registration via Amazon Cognito with OAuth 2.0 integration
  • User profile management with bidding history
  • Rate limiting and basic bot prevention
  • RESTful API endpoints for user operations
• Auction Service:
  • Dutch auction implementation with configurable parameters
  • Bid placement, processing, and validation
  • Integration with Chainlink VRF for verifiable random selection
  • Auction results calculation and winner determination
• Notification Service:
  • Real-time price updates via WebSockets
  • Email notifications for auction results
  • System status messaging
  • WebSocket connections for live updates
• Infrastructure:
  • Docker containerization for all services
  • AWS deployment using ECS/Fargate
  • Single Amazon RDS database with multi-tenant design
  • Basic API gateway for service orchestration
• Frontend:
  • NextJS web application with responsive design
  • Core bidding interface with real-time updates
  • Basic admin dashboard for auction management
  • Server-side rendering where appropriate
• DevOps:
  • CI/CD pipeline for automated testing and deployment
  • Basic monitoring and logging infrastructure
  • Load testing setup to verify scalability requirements

flowchart LR
    A[Users Register] --> B[Organizers Create Auctions]
    B --> C[Users Place Bids]
    C --> D[Real-time Updates to All Users]
    D --> E[Verifiable Random Selection]
    E --> F[Winner Notification]

The MVP demonstrates the core auction process: registration, auction creation, bidding, real-time updates, and verifiable random selection of winners.

Quality Attributes

Security

Security is fundamental to TicketFair’s success as the platform must protect sensitive information and ensure auction integrity. Key requirements include:

• Bid Confidentiality: Prevent users from accessing or determining other users’ maximum bid values during active auctions.
• Identity Verification: Verify user identities to prevent multiple accounts by the same individual, with 99.9% authentication success for legitimate users.
• Bot Prevention: Detect and block automated bid placement (target: 95% of automated attempts blocked).
• Auction Integrity: Implement verifiable, tamper-proof random selection with cryptographic fairness proof.

Scalability

Scalability is critical as concert auctions generate extreme traffic spikes, particularly as prices drop. Key requirements include:

• Concurrent User Handling: Support N+1 redundancy with horizontal scaling to handle 300% traffic spikes while maintaining sub-2-second response times (95th percentile).
• Bid Processing Capacity: Implement queuing mechanisms handling industry-standard throughput (50-100 TPS) while maintaining ACID properties.
• Real-time Notification: Utilize pub/sub patterns with WebSocket latency under 500ms for connected clients.
• Auto-scaling: Conform to AWS best practices with 60-second scale-out response time.

Testability

Testability ensures auction correctness, fair ticket distribution, and system integrity. Key requirements include:

• Auction Logic Verification: Enable isolated testing of price decrements, bid processing, and winner selection across scenarios.
• Randomness Validation: Verify the selection process as truly random and unbiased through statistical validation.
• Component Isolation: Design microservices with clear boundaries for independent testing with mocked dependencies.
• Test Automation: Cover 70% of core functionality with automated tests, aligning with e-commerce industry norms.

Evaluation

Security Evaluation

• Bid Confidentiality Testing:
  • Implement multiple test users and verify through database queries and API responses that no user can access another’s maximum bid value
  • Use network traffic analysis tools to confirm that bid information is properly encrypted in transit

    Success criteria: Zero instances of bid information leakage in controlled penetration tests

• Bot Prevention Verification:
  • Deploy automated scripts that mimic common bot patterns (rapid requests, predictable patterns)
  • Implement standard bot challenges and measure their effectiveness

    Success criteria: Detection rates should align with OWASP Automated Threat Handbook recommendations (typically 90-95% detection for known bot patterns)

• Random Selection Verification:
  • Implement statistical analysis of multiple test auctions
  • Verify Chainlink VRF integration produces cryptographically verifiable randomness

    Success criteria: Selection points must pass the NIST Statistical Test Suite for Random Number Generators (SP 800-22)

Scalability Evaluation

• Load Testing:
  • Use industry-standard tools (JMeter, Gatling) to simulate increasing user loads
  • Create test scenarios that mimic real-world usage patterns including traffic spikes

    Success criteria: System maintains response times within the Apdex index “satisfied” threshold (T < 2 seconds)

• Bid Processing Capacity Testing:
  • Generate sustained bid traffic to test queueing mechanisms
  • Verify that bids are processed in correct chronological order

    Success criteria: System consistently processes bids at rates comparable to industry e-commerce benchmarks (50-100 TPS per RSR studies) while maintaining data integrity

• Auto-scaling Verification:
  • Introduce rapid traffic increases and measure time to scale out
  • Monitor resource utilization during scaling events

    Success criteria: New instances become operational within 60 seconds of sustained load increase per AWS best practices

Testability Evaluation

• Unit Test Framework Assessment:
  • Measure test coverage using industry-standard tools (Jest, JaCoCo)
  • Verify isolation of components for independent testing

    Success criteria: Achieve code coverage aligned with CISQ recommendations for e-commerce applications (typically 70-75%)

• Integration Testing Capability:
  • Implement API contract tests between microservices
  • Verify that mock interfaces correctly simulate service dependencies

    Success criteria: All service interfaces have corresponding contract tests that validate behavior

• Observability Verification:
  • Evaluate completeness of logging and monitoring implementation
  • Test tracing capabilities across microservice boundaries

    Success criteria: Ability to trace any user transaction end-to-end across all system components

TicketFair addresses concert ticket scalping and unfair access through a microservice architecture implementing a Dutch auction with random selection, ensuring reliability under high-demand while maintaining auction integrity.