project screenshot
project screenshot
project screenshot

completely unstoppable decentralized non front-runnable payment links, ethereum & polygon

Created At

ETHOnline 2022

Winner of


๐Ÿ”Ÿ Optimism โ€” Top 10

Project Description & http://cybersquirrel.blockchain


Is it decentralised? Yes, Squirrel is unstoppable, fully decentralised and its frontend is on IPFS. Why does it matter? It's your right to be a cyber squirrel! Uses cases? Wallet-less stashing for yourself, send crypto seamlessly, reward puzzle solving! Can I build on this? Yes, it's all unlicensed and the few bits of js and css we used are MIT or unlicensed. Let us know what thoughts you have! Is it safe? We don't know but we hope so. Try attacking it and let us know!


Check out our other projects

hugo konrad special thanks to roshan & justin. we'd love hear from you and see what you build on this. This is unlicensed. also big thanks to the ethglobal discord community!


zk-SNARKs based smart contract version. Higher gas cost to verify zk Proof, but requires only one transaction to withdraw. Totally feasible on cheap chains like Optimism and Polygon (would be unfeasible on Ethereum L1, >$30 gas cost).

Licences etc

everything is mit or unlicense or otherwise public domain. special thanks to geoff and


Ethereum Goerli: 0x2e0092beE1fF5902278D64d4E760920C6Fd10974 Ethereum Mainnet: Polygon Mainnet:

The problem ๐Ÿฟ solves It's annoying to send crypto to wallets. With Cybersquirrel, you don't even need to know the wallet address. Simply send a link through your preferred channel.

It's also hard to airdrop rewards to your audiences. You don't have a list of wallets of your telegrams, discords etc. With Cybersquirrel, simply send them a link. This works really well for rewards and puzzles, too. Just make the correct answer to the puzzle be the passphrase.

There are dozens of other use cases that are annoying to setup because of frontrunning or having to have dedicated frontends for micro applications. Squirrel solves this. Oh, and squirrel is unstoppable. The frontend is on IPFS, and the SC is deployment on mainnet. Even if we wanted to, we could not undeploy this anymore.

Challenges we ran into

Frontrunning was the greatest challenge with this. Our use case is a textbook example for frontrunning. Alice (stasher) wants to send money to anyone who knows a specific phrase (fetcher). How can you do that on the blockchain, where you can't store private data? First, we thought about ZK proofs because they're super cool. But gas cost of proving a zk-SNARK is still around 500k gwei, so we transitioned to a much cheapert two-phase time-locked transaction mechanism, which is also super cool. This has a smaller attack surface and is a more mature method of doing things. The way it works is this: when someone wants to claim funds, they make a deposit to lock the smart contract for 15 minutes to only allow retrievals to their address. The deposit only gets refunded if the fetcher then submits the correct passphrase. The required deposit amount can be set by the stasher. The two-phase mechanic prevents denial of service attacks and the deposits make DoS attacks very costly.

The second challenge was making this an unstoppable app. This means setting up the smart contract completely non-custodially, and hosting the frontend as a single static file. This is pretty unusual, and we had to adapt the tooling to us.

The third challenge was coming up with a cool story and design for this unstoppable app. We went with a space squirrel theme because we like to watch how squirrels stash stuff. And squirrels should not be sanctioned, because stashing and fetching is a right ส•โŽฬฏอกโŽส”เผ„

How it's Made

IPFS-hosted frontend with a SC that has a deposit-secured time-lock mechanism against front-running when fetching funds. 1st tx locks wallet for 15 minutes, 2nd tx is the actual tx.

Uses: solidity, python, js, tailwind, alpine.


Decentralized frontend (single HTML file on IPFS) Decentralized backend (blockchain smart contract deployed on Polygon) Front-running protection by means of a 2-phase withrawal process with a time-lock Denial of Service protection through a variable withdraw deposit fee Instructions

background image mobile

Join the mailinglist

Get the latest news and updates