Privacy & Security

What Veilnet Hides

User balances: Your total holdings inside the protocol
Recipient addresses: Who you are sending money to internally
Transfer amounts: How much value is moving internally
Internal state transitions: The mechanics of the shielded state accumulator
DeFi action intent where applicable: Future wrapped actions

What May Still Be Visible

Public wallet interaction with contract: The fact that Wallet A deposited X amount into Veilnet
Transaction timing: When you deposited or withdrew
Gas usage: On-chain footprint
Network-level metadata: IP addresses (use a VPN/Tor for maximum privacy)
Bridge entry/exit timing: Flow across chains

Threat Model

Chain Observers

Can see public deposits/withdrawals, but cannot see internal links.

Wallet Linkers

Defeated by Veilnet, provided the user practices good wallet hygiene upon withdrawal.

MEV/Searchers

Cannot front-run internal transfers.

Malicious Frontend Assumptions

Users must verify they are using the official, uncompromised frontend.

Sequencer Metadata Watchers

Encrypted payloads protect against sequencer snooping.

Privacy Limitations

Small Anonymity Sets

If you are the only user depositing a specific obscure token, your withdrawals may be obvious.

Timing Correlation

Moving funds in and out too quickly can leak information about your activity patterns.

User Operational Mistakes

Withdrawing to a wallet previously linked to your identity defeats the privacy benefits.

Public Deposits/Withdrawals

The entry and exit points are always public on-chain. The link between you and the vault is traceable.

Cross-Chain Tracing Risks

Volume correlations across networks can be analyzed to infer fund movements.

Security Assumptions

What Users Trust

Users trust the sequencer network for liveness (processing transactions) and data availability (maintaining the Merkle tree).

What the Contract Enforces

The contract enforces safety. The sequencer cannot forge proofs or steal funds.

What the Sequencer Cannot See

With advanced encryption integration, the sequencing components are designed to minimize metadata exposure.

What Validators/Observers Cannot Infer

Observers cannot link depositors to withdrawers based on transaction content.

Remaining Considerations

Timing correlation (depositing and immediately withdrawing) can still leak information. This is a user-level operational security issue, not a protocol vulnerability.

Privacy & Security ​

What Veilnet Hides ​

What May Still Be Visible ​

Threat Model ​

Chain Observers ​

Wallet Linkers ​

MEV/Searchers ​

Malicious Frontend Assumptions ​

Sequencer Metadata Watchers ​

Privacy Limitations ​

Small Anonymity Sets ​

Timing Correlation ​

User Operational Mistakes ​

Public Deposits/Withdrawals ​

Cross-Chain Tracing Risks ​

Security Assumptions ​

What Users Trust ​

What the Contract Enforces ​

What the Sequencer Cannot See ​

What Validators/Observers Cannot Infer ​

Remaining Considerations ​