ZexERC is a privacy-preserving decentralized exchange protocol that enables confidential token swaps using zero-knowledge proofs and homomorphic encryption. Built as an extension of the Encrypted ERC-20 (eERC) standard, ZexERC allows users to trade tokens peer-to-peer while keeping transaction amounts completely hidden from blockchain observers.
In current DeFi ecosystems, all transaction data is publicly visible on-chain. This creates several critical issues:

- Front-running attacks: MEV bots can see pending large trades and exploit them
- Privacy leaks: Anyone can track wallet balances and trading patterns
- Institutional hesitation: Large traders avoid DeFi due to information exposure
- Targeted attacks: Visible whale wallets become targets for hackers

ZexERC introduces a novel Confidential Allowance Model for peer-to-peer trading that keeps all amounts encrypted while still allowing trustless, on-chain verification through ZK proofs.
Key Features:

| Feature | Description |
|---|---|
| 🔒 Hidden Balances | All token balances are encrypted using ElGamal encryption on the BabyJubJub curve |
| 🔐 Confidential Approvals | Approve spending without revealing the amount to anyone except the spender |
| 🔄 Private Swaps | Execute token swaps where only the participants know the traded amounts |
| ✅ ZK Verification | All operations are validated by Groth16 zk-SNARK proofs |
| 📋 Compliance Ready | Optional auditor integration for regulatory requirements |
| ⛓️ Fully On-Chain | No relayers, mixers, or off-chain components needed |

```
┌────────────────────────────────────────────────────────────────┐
│                      ZexERC Swap Protocol                      │
├────────────────────────────────────────────────────────────────┤
│ 1. INITIATE: Alice creates offer (rate public, amounts hidden) │
│ 2. ACCEPT: Bob generates ZK proof that his amount is valid     │
│ 3. FINALIZE: Atomic swap executes with encrypted balances      │
└────────────────────────────────────────────────────────────────┘
```

- Blockchain: EVM-compatible (Mantle L2)
- Smart Contracts: Solidity 0.8.27
- ZK Circuits: Circom 2.1.9 with Groth16 proving system
- Cryptography: BabyJubJub curve, ElGamal encryption, Poseidon hash
- Testing: Hardhat, Chai, 97% test coverage

We implemented two approval mechanisms:

- Confidential Approve (EOA→EOA): Amount encrypted for spender only
- Public Confidential Approve (EOA→Contract): Amount disclosed to enable contract logic

A novel approach to encrypted balance management:

- Enables receivers to decrypt their incoming amounts
- Maintains full privacy from blockchain observers
- Includes an auditor PCT for compliance without revealing amounts to the public

Offer Created → ZK Proof Verified → Atomic Swap

| Metric | Value |
|---|---|
| Lines of Solidity | ~1,500 new lines |
| ZK Circuits | 5 new circuits |
| Test Coverage | 97% |
| Gas (Private Transfer) | ~947k |
| Gas (Swap Finalization) | ~800k |

- Order book with hidden limit prices
- Multi-asset atomic swaps
- Privacy pools for liquidity aggregation
- Cross-chain confidential bridges
- Browser SDK with WebGPU proving

- Low Gas Costs: ZK proof verification is expensive; Mantle L2 makes it affordable
- EVM Native: Zero modifications needed for deployment
- Growing Ecosystem: Privacy is the missing piece in Mantle DeFi
- Institutional Alignment: Mantle's treasury focus aligns with our compliance features

# Work Completed During Hackathon
## 1. ZexERC Smart Contract Extension
File: contracts/ZexERC.sol (~900 lines)
Extended the base EncryptedERC contract with the following functionality:
- confidentialApprove()
Approve tokens to EOAs with hidden (encrypted) amounts.
- publicConfidentialApprove()
Approve tokens to contracts with disclosed amounts.
- confidentialTransferFrom()
Spend from encrypted allowances.
- initiateOffer()
Create peer-to-peer (P2P) swap offers.
- acceptOffer()
Accept offers with zero-knowledge proof validation.
- finalizeSwap()
Execute atomic swaps with finalization proofs.
- cancelConfidentialAllowance()
Revoke approvals using a zero-knowledge proof.
---
## 2. Zero-Knowledge Circuits
Directory: circom/
Designed and implemented five new ZK circuits:
| Circuit File | Constraints | Purpose |
|-------------------------------------|-------------|----------------------------------------------|
| confidential_approve.circom | ~15k | Prove approval amount ≤ balance |
| confidential_transfer_from.circom| ~18k | Prove spend amount ≤ allowance |
| cancel_allowance.circom | ~8k | Prove ownership for allowance cancellation |
| offer_acceptance.circom | ~12k | Prove amount ≤ maximum offer amount |
| offer_finalization.circom | ~14k | Prove correct exchange rate computation |
Each circuit verifies:
- Public key ownership (proof of knowledge of private key)
- Balance or allowance sufficiency via range proofs
- Correct encryption of amounts for recipients
- Auditor PCT generation for compliance
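
Why encrypted balance updates need the sufficiency and correct-encryption checks listed above can be seen in a small sketch of additively homomorphic ElGamal. This is an added example, not ZexERC's code: it uses a toy multiplicative group (modulus 2^255 - 19, base 2) in place of BabyJubJub, and the keys, nonces and function names are constructed for illustration.

```javascript
// Added illustration: exponential (additively homomorphic) ElGamal.
// Assumption: toy group Z_p^* with base 2 stands in for BabyJubJub; not secure parameters.
const P = 2n ** 255n - 19n; // prime modulus
const G = 2n;               // base element

const mod = (a) => ((a % P) + P) % P;
function pow(b, e) { // square-and-multiply for e >= 0
  let r = 1n;
  for (b = mod(b); e > 0n; e >>= 1n, b = mod(b * b)) if (e & 1n) r = mod(r * b);
  return r;
}
const inv = (a) => pow(a, P - 2n); // Fermat inverse, valid because P is prime

const keygen = (sk) => ({ sk, pk: pow(G, sk) });
// Enc(m) = (g^r, g^m * pk^r): m lives in the exponent, so ciphertexts add.
// r is passed in for reproducibility; a real wallet draws it from a CSPRNG.
const encrypt = (pk, m, r) => ({ c1: pow(G, r), c2: mod(pow(G, m) * pow(pk, r)) });
const add = (a, b) => ({ c1: mod(a.c1 * b.c1), c2: mod(a.c2 * b.c2) });
const sub = (a, b) => add(a, { c1: inv(b.c1), c2: inv(b.c2) });

// Recover g^m, then search m in [0, max]; null means "not a valid balance".
function decrypt(sk, ct, max = 1000n) {
  const gm = mod(ct.c2 * inv(pow(ct.c1, sk)));
  for (let m = 0n, acc = 1n; m <= max; m++, acc = mod(acc * G)) {
    if (acc === gm) return m;
  }
  return null;
}

// Ledger-side update: ciphertext arithmetic only, no keys and no plaintext.
const transfer = (fromBal, toBal, amtForSender, amtForReceiver) => ({
  sender: sub(fromBal, amtForSender),
  receiver: add(toBal, amtForReceiver),
});

function demo() {
  const alice = keygen(123456789n), bob = keygen(987654321n); // constructed keys
  const aBal = encrypt(alice.pk, 100n, 11n), bBal = encrypt(bob.pk, 5n, 22n);
  // Valid transfer of 30, encrypted once under each party's key.
  const ok = transfer(aBal, bBal, encrypt(alice.pk, 30n, 33n), encrypt(bob.pk, 30n, 44n));
  // Amount 120 > balance 100: the arithmetic succeeds, which is the problem.
  const bad = transfer(aBal, bBal, encrypt(alice.pk, 120n, 55n), encrypt(bob.pk, 120n, 66n));
  return {
    alice: decrypt(alice.sk, ok.sender),           // 70n
    bob: decrypt(bob.sk, ok.receiver),             // 35n
    overdrawnAlice: decrypt(alice.sk, bad.sender), // null: balance left [0, max]
    overdrawnBob: decrypt(bob.sk, bad.receiver),   // 125n: credited anyway
  };
}
```

Ciphertext arithmetic alone cannot tell the valid transfer from the overdraft, so the ledger has to rely on a proof that the amount does not exceed the balance and that both ciphertexts encrypt the same amount.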
---
## 3. Verifier Contracts
Directory: contracts/verifiers/
Auto-generated Solidity verifier contracts from the ZK circuits:
- ConfidentialApproveCircuitGroth16Verifier.sol
- ConfidentialTransferFromCircuitGroth16Verifier.sol
- CancelAllowanceCircuitGroth16Verifier.sol
- OfferAcceptanceCircuitGroth16Verifier.sol
- OfferFinalizationCircuitGroth16Verifier.sol
---
## 4. Interface Definitions
Directory: contracts/interfaces/
Created clean and modular interface contracts:
- IZexERC.sol — Main ZexERC interface
- IConfidentialApproveVerifier.sol
- IConfidentialTransferFromVerifier.sol
- IOfferAcceptanceVerifier.sol
- IOfferFinalizationVerifier.sol
---
## 5. Test Suites
Directory: test/
Implemented comprehensive test coverage:
- **ZexERC.ts**
Unit tests for all ZexERC functions (~34 KB)
- **ZexERC-E2E.ts**
End-to-end swap lifecycle tests with real ZK proofs (~19 KB)
- **zex-helpers.ts**
Utilities for zero-knowledge proof generation and testing (~10 KB)
---
## 6. Deployment Scripts
File: scripts/deploy-zex.ts
Production-ready deployment script that:
- Deploys all base and ZEX-specific verifier contracts
- Deploys the BabyJubJub cryptographic library
- Deploys the Registrar for user key management
- Deploys ZexERC with all dependencies correctly linked