Circuit for Liquidation Proofs

Circuit for Liquidation Proofs

Oracle Price Check • Funding Rate Normalization • Leverage vs. Margin Constraint

SnarkSide’s liquidation mechanism is underpinned by a robust and cryptographically rigorous zero-knowledge circuit that verifies the insolvency of a margin vault without disclosing its contents, owner, or index. This circuit plays a critical role in enforcing liquidation logic under full privacy, ensuring that the act of closing a failing position can be verified without betraying who held the position or how it was structured.

This section dissects the Liquidation Proof Circuit — detailing how the system validates real-time solvency under market conditions, accounts for funding rate adjustments, and enforces maximum leverage constraints, all within a zero-knowledge framework.

Objective

To construct a zkSNARK that proves the following:

  • A specific encrypted position (stored as a Poseidon commitment) exists in the vault tree.

  • The mark price (from oracle) causes the position’s health to fall below the protocol’s liquidation threshold.

  • The funding rate (positive or negative) has been normalized over time.

  • The position’s notional, margin, and leverage are provably out of bounds.

All of this must be done without revealing:

  • The vault’s index or position in the Merkle tree.

  • The owner of the vault or any identifying key.

  • The actual values of entry price, margin amount, or leverage.

Only the proof of insolvency is revealed.

Circuit Inputs

Public Inputs

- vault_merkle_root
- mark_price_commitment
- nullifier (to mark spent vault)
- new_liquidated_commitment

Private Witness

- entry_price (fixed-point)
- direction (1 = long, 0 = short)
- leverage (uint16)
- margin_amount (uint256)
- funding_accrued (int256)
- expiry_slot
- vault_salt
- oracle_mark_price
- funding_cumulative_index
- funding_entry_index
- owner_secret

Constraint Logic Breakdown

1. Oracle Price Validation

Oracle price must be proved valid via either:

  • A Merkle inclusion of a signed Pyth or Switchboard update.

  • A hash commitment (via relayer) to a signed timestamped oracle batch.

Constraint:

assert(Poseidon(oracle_price, timestamp) == mark_price_commitment)

This ensures the price used in liquidation proof corresponds to a previously attested price.

2. Funding Rate Normalization

Funding payments accrue over time based on cumulative index differences.

Funding Delta:

funding_delta = funding_cumulative_index - funding_entry_index

Constraint:

normalized_margin = margin_amount + (funding_delta × notional_value × direction)

This accounts for both positive and negative funding over the duration of the position, adjusted by direction (longs pay shorts, shorts receive from longs, or vice versa depending on funding rate).

3. Leverage vs. Margin Constraint

To determine insolvency, we compute:

notional_value = entry_price × leverage
liquidation_price = entry_price ± (entry_price × liquidation_threshold)
mark_to_market_loss = |entry_price - mark_price|
adjusted_margin = normalized_margin - mark_to_market_loss

Constraint:

assert(adjusted_margin < min_maintenance_margin)

This proves that after accounting for losses and funding, the position has fallen below required maintenance — without revealing the actual loss value.

4. Nullifier Commitment

To prevent replay, the nullifier associated with the vault must be proven correct:

nullifier = Poseidon(owner_secret, vault_salt)

Constraint:

assert(nullifier is not in usedNullifiers)

Once this proof is submitted and verified, the nullifier is stored as burned.

5. Transition to Liquidated State

A new vault commitment must be generated to redistribute the residual funds and reward the liquidator:

new_commitment = Poseidon(payout_to_liquidator, fee_cut, salt2, nullifier_liquidator)

Constraint:

  • The circuit verifies that margin flows sum correctly.

  • Total margin conserved minus penalty.

  • Nullifier for new commitment must be unique and unused.

Efficiency Considerations

To optimize gas cost and SNARK proving time, the circuit:

  • Uses Poseidon over BN254 (or Pasta curves for ZEXE-based variants).

  • Collapses funding calculations into a single scalar product.

  • Uses binary tree selectors to mask direction-sensitive price deltas.

Each proof remains under 100ms proving time on desktop hardware and <250k gas for verification in batch mode.

Summary

The Liquidation Proof Circuit in SnarkSide:

  • Validates insolvency under live market conditions.

  • Normalizes margin for funding payments.

  • Verifies that margin no longer satisfies leverage constraints.

  • Reveals nothing about user identity or vault structure.

It turns one of the most publicly exposed mechanics in DeFi — liquidation — into a purely cryptographic interaction. This preserves privacy, improves fairness, and aligns incentives through trustless proof, not observable pain.

PreviousNon-Interactive LiquidationsNextThird-Party Liquidators

Last updated