CipherVault: Shielded Margin Accounts

Introduction

Why We Chose UTXO Over Account-Based Design

In SnarkSide, margin accounts are not modeled using the typical account-based ledger architecture seen in Ethereum and most modern smart contracts. Instead, we adopt a UTXO-like commitment model, inspired by privacy-centric systems such as Zcash and Sapling. This design choice is deliberate, technical, and foundational to SnarkSide’s goals of non-leakage, nullifier-based replay resistance, and fully private vault state transitions.


The Problem with Account-Based Ledgers in Perps

The conventional model for managing balances on a perpetual DEX is the account-based ledger. This means that:

  • Every trader has a visible on-chain balance tied to their wallet.

  • Deposits, withdrawals, and funding payments are state transitions recorded openly.

  • Position margin, leverage, and liquidation thresholds can be inferred from state diffs or public function calls.

While intuitive and EVM-compatible, this model introduces significant privacy and security risks, especially for leveraged perpetuals:

1. Position Traceability

An adversary can observe wallet margin balances over time and correlate this with funding rates, oracle prices, and trade activity to reconstruct likely open positions.

2. Liquidation Signaling

A public position balance means an attacker can estimate your liquidation price and size. With this information, adversaries (including MEV bots or whales) can push markets to trigger forced liquidations — a type of on-chain “margin hunting.”

3. Front-Running Through Balance State

Because trades are settled by modifying account state, an attacker can use mempool observations (or simply block traces) to detect a user's leverage increase, funding entry, or directional size — and act on it before the user’s state is confirmed.

These are not theoretical issues. Transparent perp ledgers become execution surfaces for attack economics. The very fact of your trade — even before its outcome — becomes alpha for someone else.


Why UTXO + Commitments

To eliminate these risks, SnarkSide’s margin system, called CipherVault, is modeled after the UTXO (Unspent Transaction Output) concept but adapted for ZK-enabled smart contracts. The key features are:

1. State as Commitments, Not Balances

There is no global account balance for a user. Instead, each margin deposit, update, or trade results in a new commitment, stored as a hash on-chain:

vault_commitment = Poseidon(amount, owner_nullifier, salt)

These commitments are:

  • Non-linkable

  • Non-indexable

  • Privately owned

To update your margin (e.g. after a match or funding payment), you spend the old commitment (via a SNARK that proves knowledge of its pre-image and nullifier) and create a new one.

2. Nullifier-Based Double-Spend Protection

Each vault commitment includes a nullifier, which is published when the commitment is spent. This prevents double-spending without revealing which vault belonged to whom.

nullifier = Poseidon(owner_secret, salt)

The contract maintains a mapping of usedNullifiers to prevent reuse. Importantly, this is the only public footprint. No balance delta, no address, no purpose is exposed.

3. Shielded Ownership

The vaults are not tied to addresses. Ownership is proven via SNARKs that demonstrate knowledge of the pre-image of the commitment and a matching trapdoor value.

This means:

  • No public address can be tied to any margin vault.

  • No wallet on-chain ever “owns” a visible balance.

  • Only those who hold the commitment witness (off-chain) can interact with or spend it.

4. Off-Chain Vault State

All details about the vault — amount, position, funding rate, historical trades — are held off-chain, encrypted and referenced via Merkle roots or versioned state trees. The chain stores only:

  • The latest vault root

  • Nullifier set

  • SNARK verifier

This is not just gas-efficient. It is also epistemically minimal: the chain sees only that a valid transition occurred — not what it changed.
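The commit, spend and re-commit cycle from items 1 and 2, as an added sketch that is not SnarkSide's own code. Assumptions: domain-separated SHA-256 stands in for Poseidon, a plain set stands in for the Merkle tree behind the vault root, the witness is checked in the clear where the real system would verify a SNARK, and the names `VaultLedger`, `deposit`, `spend` and `demo` are hypothetical.

```python
import hashlib
import secrets

def H(tag: str, *fields: bytes) -> bytes:
    # Stand-in for Poseidon: SHA-256 over a domain tag and length-prefixed fields.
    h = hashlib.sha256(tag.encode())
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()

def nullifier(owner_secret: bytes, salt: bytes) -> bytes:
    return H("nullifier", owner_secret, salt)

def commitment(amount: int, owner_secret: bytes, salt: bytes) -> bytes:
    # vault_commitment = Poseidon(amount, owner_nullifier, salt)
    nf = nullifier(owner_secret, salt)
    return H("vault", amount.to_bytes(16, "big"), nf, salt)

class VaultLedger:
    """Public state only: commitments and spent nullifiers."""
    def __init__(self):
        self.commitments = set()      # stand-in for the tree behind the vault root
        self.used_nullifiers = set()  # the usedNullifiers mapping

    def deposit(self, cm: bytes) -> None:
        self.commitments.add(cm)

    def spend(self, amount, owner_secret, salt, new_cm) -> bytes:
        # Stand-in for SNARK verification: the real witness never reaches the
        # chain. Validity of the new amount is not modeled here.
        nf = nullifier(owner_secret, salt)
        if commitment(amount, owner_secret, salt) not in self.commitments:
            raise ValueError("unknown commitment")
        if nf in self.used_nullifiers:
            raise ValueError("nullifier already used")
        self.used_nullifiers.add(nf)   # the only public trace of the spend
        self.commitments.add(new_cm)   # old commitment is never deleted
        return nf

def demo():
    # Constructed sample values: random secret and salts, margin 1000 -> 940.
    ledger = VaultLedger()
    secret, s1, s2 = (secrets.token_bytes(32) for _ in range(3))
    ledger.deposit(commitment(1000, secret, s1))
    cm2 = commitment(940, secret, s2)
    nf = ledger.spend(1000, secret, s1, cm2)
    try:
        ledger.spend(1000, secret, s1, cm2)  # replay of the same vault
    except ValueError as err:
        return ledger, nf, str(err)
    return ledger, nf, None
```

The fresh salt on every new commitment is what keeps successive vault states of the same owner from hashing to related values.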


Benefits of UTXO-Style CipherVaults

| Feature | Advantage |
| --- | --- |
| Unlinkability | Vaults cannot be tied to addresses |
| Replay resistance | Enforced via nullifiers |
| Shielded balance | Amount is hidden, even during settlement |
| Stateless design | Vault transitions require no on-chain storage overhead |
| MEV resistance | No observable position changes or liquidations |
| Cold storage integration | Vaults can be generated offline and imported as commitments |


Summary

Choosing a UTXO-style margin system over an account-based one was not a matter of preference — it was a cryptographic necessity. Perpetual futures trading is uniquely vulnerable to adversarial visibility. CipherVault replaces traditional margin balances with opaque, cryptographically-bound vault commitments, verified by zero-knowledge proofs and unobservable to all third parties.

By doing so, SnarkSide enables the first truly private margining system for decentralized derivatives — one where your size, entry, and liquidation are known only to you, and proved only when needed.
