CopyX — Encrypted Copy Trading + Yield Vault on Uniswap v4 (ZAMA FHEVM + AVS)

CopyX is a privacy-first copy-trading and yield generation protocol built as a Vault-as-Hook on Uniswap v4. It uses ZAMA FHEVM to keep user balances and trade intents encrypted end-to-end, and an EigenLayer-style AVS to privately decrypt, simulate, match, and batch trades off-chain—so only the net, aggregated flow ever touches the AMM. Core outcome: Alpha stays private, retail can safely copy it, and idle capital earns yield.

---

What the project is (at a glance)

• Encrypted copy trading: Alpha generators submit encrypted trade intents; subscribers automatically mirror fills proportionally—without revealing per-user sizes or strategy parameters.
• Vault-as-Hook (UEI still there): A Uniswap v4 hook doubles as a shielded vault. Users deposit once, receive encrypted eTokens (e.g., eUSDC/eUSDT), and all later accounting happens privately.
• Off-chain AVS batching & netting: AVS operators privately decrypt batched intents, match opposite flows, simulate routes, set bounds, and post a quorum attestation. The hook executes only the sanctioned net swap.
• Yield on idle capital (90/10): ~10% liquidity remains in the pool for execution; up to 90% can be deployed into DeFi (Aave/Compound/Pendle/Morpho) for baseline yield.
• Merkle-verified safety: Execution is constrained by a Merkle-verified sanitized calldata (leaf = {target, selector, args}) so even a malicious AVS can’t push arbitrary calls.

---

Who it serves

• Alpha Generators (two roles):

  1. Vault Liquidity Managers (institutional scale): steward millions with conservative, programmatic deployment (90/10 policy, risk limits, rebalancing).
  2. Alpha Signal Generators (higher-beta / “degen” side): submit opportunistic encrypted trades that retail subscribers can copy.

• Copy Traders (retail/pros): subscribe to preferred alpha generators; get proportional encrypted fills with per-user sizes hidden.

• LPs / Depositors: capture yield from DeFi deployments + lower AMM churn thanks to internal matching.

---

How it works (end-to-end)

1. Deposit & Shielding: Users deposit ERC-20s; the hook mints encrypted balances (eTokens) using ZAMA FHEVM types.

2. Encrypted Intents: Traders encrypt amounts (and optional minOut) locally and submit intents to the hook; only ciphertext handles land on-chain.

3. Batching Window: The hook collects intents for a short window (e.g., ~5 blocks) and emits a TaskCreated header (batchId, snapshot, TTL, decryptor address).

4. AVS Decrypt → Simulate → Net:

   • Operators privately decrypt the batch off-chain, simulate on a deterministic snapshot, match opposite sides, and compute safe bounds (per-leg minOut, maxNetIn/Out, exposure caps).
   • A quorum signs (batchId, bounds, snapshotCommit), and an aggregator posts it on-chain.

5. Merkle-Gated Execution: The Uniswap v4 hook acts as a gate. On executeBatch, it checks quorum, TTL, and Merkle proofs for sanitized calldata, then performs only the net AMM swap via PoolManager (private inclusion to reduce MEV).

6. Encrypted Settlement & Copy: Per-user balance deltas are applied as encrypted adds/subs (no plaintext amounts revealed). When a trader’s execution is validated/profitable, CopyX proportionally mirrors the fill to subscribers’ encrypted balances.

7. Withdraw (optional): Users can redeem to any recipient to further break linkage.

Privacy surface:

• Private: per-user balances, individual intent sizes, per-user fills, trader params.
• Public: deposits/withdrawals, batch headers, aggregated swap size, quorum attestations.

---

Yield generation (90/10 policy)

• Live inside the hook vault:

  • 10% liquidity stays in-pool for immediate fills and slippage control.
  • Up to 90% can be deployed by Vault Liquidity Managers into DeFi (Aave/Compound/Morpho/Pendle) based on utilization and risk constraints.

• Why this matters: steady baseline yield when trading is quiet; rebalancing pulls funds back when utilization rises.

• Separation of concerns:

  • Institutional vault strategies (large, conservative, risk-bounded) run independently from
  • Retail-friendly copy strategies (smaller, higher-beta, opportunistic). Both flows remain encrypted and are enforced by AVS bounds and the hook gate.

---

Architecture (concise)

• On-chain

  • HookVault (Uniswap v4 hook + vault): encrypted balances, intent handles, gate checks, execution + settlement.
  • Task/Service Manager: task anchors, operator registry, quorum, slashing.
  • Merkle Verifier (inline or module): enforces {target, selector, args} leaves.

• Off-chain

  • AVS Operator Node: decrypt (per-batch ephemeral), simulate, net, derive bounds, sign.
  • Aggregator: collects k-of-n signatures and posts quorum.
  • Snapshot Service: deterministic state (reserves/oracles/params) binding.
  • Private Relayer: ensures private inclusion to minimize last-mile MEV.

• Frontend

  • React + ZAMA SDK: local encryption, intent submission, subscription UX, vault/position views.

---

Security & correctness

• Quorum & Slashing: equivocation, stale snapshots, or violated bounds are slashable.
• TTL & Snapshot Binding: batches expire; bounds are tied to a specific snapshotCommit.
• Gate-first design: the hook refuses execution without valid quorum + Merkle proof + bounds checks.
• MEV minimization: internal matching + private inclusion; only one net swap is public.

---

What’s novel

• Encrypted copy trading on Uniswap v4 where alpha stays private yet verifiably propagates to subscribers.
• Dual track capital use: institutional-grade vault management (90/10) and retail-scale copy strategies in one encrypted system.
• Intent matching & netting that slashes gas, reduces AMM churn, and improves LP outcomes—without leaking per-user intent sizes.

In one sentence: CopyX delivers private, verifiable copy trading and capital-efficient yield on Uniswap v4 by combining ZAMA FHEVM encryption with an AVS that nets flows off-chain and executes only the aggregate on-chain.

We built CopyX by integrating three powerful templates that gave us a massive head start - the Zama FHEVM template, EigenLayer's Hello World AVS template, and Uniswap V4 Hooks template. These templates eliminated weeks of boilerplate setup and let us focus purely on the integration magic.

The Tech Stack & Architecture

Core Technologies:

• FHEVM by Zama: Powers all our encryption - from encrypted balances (euint128) to encrypted swap amounts. We use FHE operations like add, sub, gte, and select throughout the contracts to maintain complete privacy.
• Uniswap V4 Hooks: Our UniversalPrivacyHook contract implements the full hook interface, intercepting swaps at beforeSwap and afterSwap to handle encrypted tokens.
• EigenLayer AVS: Operators handle batch decryption and intent matching off-chain, reducing on-chain gas costs by 45%.
• React + Next.js: Frontend built with Zama's @zama-fhe/relayer-sdk for client-side encryption.

The Nitty-Gritty Integration

1. Hybrid Token SystemWe created HybridFHERC20 tokens that maintain dual balances - public and encrypted. Users deposit regular USDC/USDT and receive encrypted versions (eUSDC/eUSDT) that only they can decrypt.

2. Intent Batching & Matching (The Hacky Part)Instead of processing swaps individually, we batch intents every 5 blocks. Our AVS operators:

• Decrypt all intents in a batch simultaneously
• Match opposite trades internally (USDC→USDT with USDT→USDC)
• Only execute the net difference on Uniswap
• Example: 4 users want to swap 20k total → internal matching handles 8.7k → only 11.3k hits the AMM

1. The 90/10 Capital SplitHere's where it gets interesting - when LPs add liquidity, we only send 10% to the Uniswap pool and mark 90% for deployment to Aave/Compound. This maintains sufficient liquidity while generating extra yield on idle funds.

2. Merkle Verification for SafetyAVS operators generate Merkle proofs for profitable trades. The contract only executes trades with valid proofs, preventing any malicious operations.

3. Copy Trading ArchitectureSubscribers can follow alpha traders. When a trade proves profitable (verified by AVS), it's automatically replicated proportionally for all subscribers - completely encrypted end-to-end.

Partner Technology Benefits

Zama FHEVM gave us:

• Working FHE operations out of the box
• Gateway for async decryption with callbacks
• Client SDK for browser encryption

EigenLayer AVS enabled:

• Decentralized operator network
• Off-chain computation for intent matching
• Trust-minimized batch processing

Uniswap V4 Hooks provided:

• Direct pool integration
• Callback patterns for custom logic
• Efficient liquidity management

Notable Hacks

The Double Token System: We deploy parallel encrypted tokens for each regular token. When users deposit, they get encrypted versions that trade in a shadow pool, maintaining privacy while staying compatible with Uniswap V4.

Batch Netting Algorithm: By matching opposite intents before hitting the AMM, we reduce actual swaps by ~45%, saving gas and improving privacy (smaller on-chain footprint).

Frontend Encryption: Using Zama's SDK, we encrypt amounts client-side before they ever touch the blockchain - even the mempool never sees plaintext amounts.

The beauty is that the templates handled all the heavy lifting of FHE setup, AVS infrastructure, and hook scaffolding. We just had to wire them together and add our secret sauce - the batching logic, intent matching, and capital efficiency mechanisms. Without these templates, we'd still be debugging basic FHE operations instead of building advanced DeFi features!