melo vault

MeloCafe allows you to deploy a governor contract for any NFT collection that is controlled anonymously by its holders. NFT holders vote semi-anonymously on actions this governor contract takes. A proposal creator creates a proposal on-chain, collects signatures privately off-chain, and uses a ZK proof to show they have consensus from NFT holders to execute the proposal on-chain. Ownership of NFTs is proven off-chain using Ethereum storage proofs, and NFT holders are authenticated using ECDSA signatures, enabling entire communities to vote on proposals without publicly revealing their votes (only the facilitator can see votes).

It's not just NFTs though. ERC20s can be wrapped using a simple NFT contract, which brings this scalability and privacy to fungible token communities as well. It's important to note that each NFT represents a fixed denomination of underlying token, e.g. 100 APE, because it prevents onlookers from guessing which holders voted in favor of a proposal by the exact amount of votes it received. (this depends on proof implementation details, which actually may not reveal the exact count)

These governors can be deployed without any upgrades to the NFT contract, thanks to the use of storage proofs.

We used NextJS (with React), Apollo, styled components, ethers, typechain, ConnectKit, and wagmi for the frontend.

Our API is built with Typescript, Fastify, Objection.js. Objection.js is used to securely store the signatures of the voters and generate proofs.

The contracts are written in Solidity using Forge and the Foundry toolchain. There are tests written to ensure the contracts are functioning as intended.

We attempted to use Noir to write the ZK program that verified off-chain signatures and Ethereum storage proofs. Missing primitives such as variable length arrays, keccak256 hashing, RLP decoding, and ECDSA signature verification prevented us from completing the ZK program for ethereum proof verification. We ran into several hurdles with the tooling for on-chain proof verification. Although we were able to compile a circuit coded in Noir, as well as prove and verify an execution of this circuit using TypeScript and solidity, we were not able to verify storage proofs or ECDSA signatures due to incomplete language support. We do believe this approach is feasible for bootstrapping community-owned multisigs governed by holders of an NFT, but requires the tooling to mature significantly. In the future, we might pick a different backend for writing our ZK circuits.

We recognize that it's possible to move these contracts to a ZK EVM, but that does not provide the same level of privacy as this approach, and does not work as well for NFTs homed on layer 1.