Paymasters

Shinobi Cash uses ERC-4337 paymasters to enable gasless, private withdrawals.

Paymasters sponsor gas on-chain and are repaid from the withdrawn amount — allowing withdrawals to target fresh, unfunded addresses without relying on third-party relayers.

In privacy protocols, gas handling is part of the threat model, not just a UX concern.

Design Principle

When withdrawing from a privacy protocol, users realistically have two options:

Use a relayer — Preserves UX but introduces trust and off-chain coordination
Pre-fund a fresh address — Avoids relayers but adds friction and linkage risks

Shinobi uses ERC-4337 paymasters to replace both with a single, on-chain mechanism that preserves privacy guarantees without protocol-specific infrastructure.

Why ERC-4337 Paymasters

Relayer-based designs rely on centralized infrastructure, off-chain fee negotiation, and additional trust assumptions.

ERC-4337 paymasters allow Shinobi to:

Use standard AA infrastructure — Compatible with existing bundlers (Pimlico, Alchemy, etc.)
Keep fee logic on-chain — Gas sponsorship and repayment enforced by contracts
Minimize trusted surface — No new trust assumptions beyond the ERC-4337 model

This keeps the withdrawal path deterministic, auditable, and composable.

Paymaster Selection

Scenario	Paymaster
Same-chain, 1 note	`ShinobiNativeWithdrawalPaymaster`
Cross-chain, 1 note	`ShinobiNativeCrosschainWithdrawalPaymaster`
Same-chain, 2 notes	`ShinobiNativeWithdraw2Paymaster`
Cross-chain, 2 notes	`ShinobiNativeCrosschainWithdraw2Paymaster`

The application selects the appropriate paymaster based on note count and destination chain.

Security

Paymasters cannot steal funds
Gas sponsorship is bounded and deterministic
Failed execution results in a revert
Bundlers and UI are explicitly untrusted

Source Code

Entrypoints — Withdrawal orchestration
Privacy Pool — Proof validation

Design Principle

Why ERC-4337 Paymasters

Paymaster Selection

Security

Source Code

Related