Private-Launchpad

We’re building a fully on-chain, privacy-preserving token sale system on Ethereum Sepolia using Zama FHEVM. Users deposit payment tokens publicly via a Uniswap v4 hook, but submit bids privately: their max price (and spend/qty) stays encrypted. A batch (uniform-price) auction computes a single clearing price and allocations without revealing individual bids or allocations. Settlement is permissionless: winners claim encrypted sale tokens and everyone can withdraw refunds, with authorization enforced by cryptographic KMS decryption proofs (no TEE, no relayers required). Deposits are rehypothecated into a lending adapter while idle, then unwound to fund claims and refunds, keeping capital productive throughout the auction.

We split the system into three on-chain modules and wired them end-to-end with Hardhat on Ethereum Sepolia.

A Uniswap v4 Hook (MixerLiteHook) is used as an execution-layer integration point rather than a pricing primitive. The hook does not modify AMM pricing or swap outputs. Instead, it attaches structured logic to the swap lifecycle. During afterSwap, optional hookData can atomically register a bid by creating a bidId and recording the payer, receiver, refund address, and encrypted claim key. The same bid can also be registered via a standalone function, so the swap path is a composability feature rather than a strict requirement.

Bid parameters (max price and max spend/quantity) are encrypted client-side using Zama’s FHEVM SDK and only ciphertext handles are stored on-chain. The auction contract performs a batch, uniform-price clearing: encrypted bids are compared homomorphically to determine demand at a candidate price, and a single clearing price and per-bid allocation/cost are produced without revealing individual bids.

The hook also acts as the settlement custodian. Deposited payment tokens are immediately parked in a lending adapter under the contract’s ownership. When swaps occur, the hook’s beforeSwap and afterSwap phases implement a liquidity shuttle: funds are temporarily withdrawn from lending to ensure liquidity is available to the PoolManager, and any remaining balance is redeposited afterward. After the auction finalizes, users make their results decryptable via KMS proofs and call the hook to settle: sale tokens are transferred to the receiver and refunds are paid out, unwinding the lending position only as needed.

Claims are permissionless and authenticated using Zama KMS decryption-proof verification (EIP-712 signatures checked on-chain), allowing the receiver to prove authorization without relayers or trusted execution hardware.

The key design decision is that the hook is not used to change AMM pricing, but to embed structured financial logic directly inside the swap lifecycle. This allows atomic bid registration and capital management while keeping the auction computation separate from the AMM, simplifying accounting and avoiding custom routing or multi-transaction flows.