Privacy Pool
The privacy pool is the core contract that holds deposits, validates ZK proofs, and processes withdrawals.
Design Principle
Shinobi extends the base PrivacyPool from privacy-pools-core with:
- Crosschain withdrawals with refund protection
- Multi-note spending (Withdraw2) for consolidating balances
- Refund handling for failed crosschain intents
The pool maintains a single Merkle tree of commitments, enabling a unified anonymity set across all supported chains.
Core Operations
Deposits
Commitments are inserted into the Merkle tree. Each deposit creates a leaf that only the depositor can later spend (using knowledge of the secret).
Withdrawals
Users generate a ZK proof demonstrating:
- Ownership of a valid commitment (without revealing which one)
- Membership in the ASP-approved set (compliance)
- The nullifier hasn't been spent
The pool verifies the proof, marks the nullifier as spent, and releases funds.
Withdrawal Types
The pool supports four withdrawal modes:
- Single note — Withdraw from one note on the same chain
- Single note crosschain — Withdraw from one note to a different chain
- Two notes — Spend 2 notes in one transaction (useful for consolidating small balances)
- Two notes crosschain — Spend 2 notes with delivery to a different chain
Crosschain withdrawals include a refund commitment. If the solver fails to fill the intent, the refund is inserted into the pool and the user can withdraw normally.
Proof Validation
Each withdrawal type has a dedicated verifier contract. The pool validates:
- State root — Must be in recent history (allows concurrent proof generation)
- ASP root — Must be the latest (ensures compliance is current)
- Context — Binds the proof to specific withdrawal parameters (prevents replay)
- Nullifier — Must not be already spent (prevents double-spending)
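The four pool-side checks listed above, modelled in Python as an added example (not code from Shinobi or privacy-pools-core). The context field layout, SHA-256 standing in for the pool's real hash, the order of the checks, and all names are assumptions; verification of the ZK proof itself is not modelled.

```python
import hashlib
from collections import deque

ROOT_HISTORY_SIZE = 30  # "Root history (last 30)" in the Security Model table

def context_hash(scope: bytes, recipient: bytes, amount: int, dest_chain: int) -> bytes:
    # Assumed field layout; sha256 stands in for the pool's real hash function.
    parts = [scope, recipient, amount.to_bytes(32, "big"), dest_chain.to_bytes(8, "big")]
    return hashlib.sha256(b"".join(len(p).to_bytes(2, "big") + p for p in parts)).digest()

class PoolModel:
    """Pool-side checks on a withdrawal's public signals (hypothetical model)."""

    def __init__(self, scope: bytes, asp_root: bytes):
        self.scope = scope
        self.asp_root = asp_root                            # only the latest is accepted
        self.state_roots = deque(maxlen=ROOT_HISTORY_SIZE)  # oldest root is evicted
        self.spent = set()                                  # nullifier registry

    def validate(self, sig: dict, recipient: bytes, amount: int, dest_chain: int) -> str:
        if sig["state_root"] not in self.state_roots:
            return "stale or unknown state root"
        if sig["asp_root"] != self.asp_root:
            return "ASP root is not the latest"
        if sig["context"] != context_hash(self.scope, recipient, amount, dest_chain):
            return "context mismatch"
        if sig["nullifier"] in self.spent:
            return "nullifier already spent"
        self.spent.add(sig["nullifier"])  # mark spent only after every check passes
        return "ok"

def demo() -> list:
    # Constructed sample data: 31 roots, so root 0 has left the 30-entry history.
    pool = PoolModel(scope=b"pool-scope", asp_root=b"asp-1")
    for i in range(ROOT_HISTORY_SIZE + 1):
        pool.state_roots.append(b"root-%d" % i)
    owner, other = b"\xaa" * 20, b"\xbb" * 20
    sig = {"state_root": b"root-5", "asp_root": b"asp-1", "nullifier": b"n-1",
           "context": context_hash(b"pool-scope", owner, 10**18, 1)}
    out = [pool.validate({**sig, "state_root": b"root-0"}, owner, 10**18, 1),
           pool.validate(sig, other, 10**18, 1),   # same signals, different recipient
           pool.validate(sig, owner, 10**18, 1),
           pool.validate(sig, owner, 10**18, 1)]   # second submission of the same note
    pool.asp_root = b"asp-2"                       # ASP publishes a new root
    out.append(pool.validate({**sig, "nullifier": b"n-2"}, owner, 10**18, 1))
    return out

if __name__ == "__main__":
    print(demo())
```

A proof built against any of the last 30 state roots still validates, while a proof built against a superseded ASP root is rejected as soon as the ASP root changes.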
Security Model
| Property | Enforcement |
|---|---|
| Double-spend prevention | Nullifier registry |
| Proof replay prevention | Context binding |
| Compliance enforcement | ASP root validation |
| Concurrent proof support | Root history (last 30) |
| Refund-only by entrypoint | Access control |
Source Code
- ShinobiCashPool
- ShinobiCashPoolSimple (native ETH implementation)
Related
- Entrypoints — Orchestrate crosschain operations
- Privacy Pools — Cryptographic foundations
- Shinobi x OIF — Crosschain settlement