Deposit patterns
There are three deposit patterns. Each makes a different trade-off between simplicity and privacy.Direct shielded deposit
The user (or a wallet on their behalf) deposits an ERC-20 token directly into the ShieldedPool’s deposit contract along with a Poseidon commitment computed off-chain. The commitment encodes the asset, the amount, and the recipient’s spending public key, plus randomness. The deposit contract:- Pulls the tokens from the depositor’s address into the pool’s vault.
- Verifies the commitment matches the deposit amount and asset.
- Anchors the commitment in the global Merkle tree.
Shielded minting via vault
A more private deposit pattern uses a ShieldedMinter vault. The depositor sends tokens to the vault contract; the vault mints the wrapped representation directly into the ShieldedPool rather than to a user address. Only the commitment crosses the on-chain boundary. From the chain’s vantage point:- The vault received tokens. The vault is a public contract; many depositors share it.
- A new commitment was added to the Merkle tree.
- The two events are not cryptographically linked.
Bridged shielded deposit (ZEC)
For ZEC, a future SPV bridge will allow deposits to arrive already shielded inside the ShieldedPool without an intermediate public address on Z. This is the ZEC-specific pattern. The roadmap tracks status.Withdrawal patterns
There are two withdrawal patterns.Withdrawal to a public address
A shielded note can be spent to a public address on the host EVM chain. The withdrawal transaction includes:- Inputs: the shielded notes being spent (referenced by Merkle inclusion proof, with nullifiers published).
- Outputs: the public address receiving funds, plus any change as a new shielded note.
- A zero-knowledge proof that the input amounts and the output amounts balance.