How It Works

Private eligibility trading with verifiable enforcement

Overview

CloakSwap enables compliant trading of tokenized RWAs (Real-World Assets) like gGOLD on Uniswap v4, with privacy-preserving eligibility checks. Users prove eligibility through encrypted credentials without exposing sensitive data onchain.

1. User Onboarding

  • User enters non-PII attributes: region, accredited status, max trade bucket, expiry
  • Browser encrypts attributes into a bitmap using Zama fhevmjs (client-side)
  • Encrypted ciphertext + expiry stored onchain in UserRegistry
  • No plaintext attributes are ever stored onchain

2. Compliance Enforcement

  • Uniswap v4 Hook intercepts swap attempts in beforeSwap
  • Hook reads encrypted profile from UserRegistry
  • FHEVerifier checks: (userBitmap & ruleMask) == ruleMask
  • If eligible: swap proceeds ✅
  • If not eligible: swap reverts with reason code ❌
  • Hook emits ComplianceCheck event for audit trail

3. Cross-Chain Funding

  • Users can deposit funds from any EVM chain via LI.FI Composer
  • Route: swap (if needed) → bridge → optional contract call
  • Step-by-step execution with receipts for each transaction
  • Handles slippage, errors, and gas estimation

4. ENS Identity & Preferences

  • ENS names displayed for users and issuers
  • Trading preferences stored as ENS text records: cloakswap:preferredChain, cloakswap:preferredToken
  • Preferences prefill deposit flows and personalize UX

Privacy Model

Onchain (Public)

  • Encrypted ciphertext (bytes)
  • Expiry timestamp (uint64)
  • Pool rule mask (uint256)
  • ComplianceCheck events (pass/fail + reason)

Not Onchain (Private)

  • Region (plaintext)
  • Accredited status (plaintext)
  • Max trade bucket (plaintext)
  • User bitmap (plaintext)

Reason Codes

0 OK - Eligible
1 NO_CREDENTIAL - No credential found. Go to Get Verified.
2 EXPIRED - Credential expired. Re-verify to trade.
3 NOT_ELIGIBLE - Not eligible for this market.
4 POOL_NOT_CONFIGURED - Pool not configured.

Threat Model

What we protect: User's compliance attributes (region, accredited status, limits) are never exposed onchain. Only encrypted ciphertext is stored.

What we reveal: Pass/fail result and reason codes are public for auditability. This is necessary for transparent compliance enforcement.

Verifiability: All hook decisions are recorded in ComplianceCheck events, making the system auditable without revealing private data.
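The mask check from section 2, the reason codes, and the "What we reveal" point above, as a plaintext JavaScript model added here for illustration (it is not CloakSwap's code). The bit layout, the order of the checks and the expiry boundary are assumptions; the page specifies none of them.

```javascript
// Plaintext reference model of the eligibility decision. In the system described
// above the bitmap is ciphertext; this models only the logic being enforced.
// ASSUMPTIONS (not from the page): bit layout, check order, expiry boundary.
const Reason = Object.freeze({
  OK: 0, NO_CREDENTIAL: 1, EXPIRED: 2, NOT_ELIGIBLE: 3, POOL_NOT_CONFIGURED: 4,
});
const ACCREDITED_BIT = 8n;   // hypothetical position
const BUCKET_BASE = 15n;     // hypothetical: bucket level k sets bit 15 + k

// Region is one-hot (bits 0-7). The trade bucket is thermometer-coded: a user
// with max bucket 3 sets the bits for levels 1, 2 and 3, so an AND-mask rule
// "bucket >= 2" is a single required bit that higher buckets also satisfy.
function encodeBitmap({ region, accredited, maxBucket }) {
  let bits = 1n << BigInt(region);
  if (accredited) bits |= 1n << ACCREDITED_BIT;
  for (let k = 1; k <= maxBucket; k++) bits |= 1n << (BUCKET_BASE + BigInt(k));
  return bits;
}

// Returns one of the page's reason codes. now and expiry are Unix seconds.
function checkEligibility(profile, ruleMask, now) {
  // An all-zero mask would make (bitmap & 0) == 0 true for everyone.
  if (ruleMask === 0n) return Reason.POOL_NOT_CONFIGURED;
  if (!profile) return Reason.NO_CREDENTIAL;
  if (now >= profile.expiry) return Reason.EXPIRED;
  return (profile.bitmap & ruleMask) === ruleMask ? Reason.OK : Reason.NOT_ELIGIBLE;
}

// Rule masks and pass/fail results are public, so every OK result tells an
// observer that all bits of that pool's mask are set in the user's bitmap.
function bitsImpliedByPasses(events) {
  return events
    .filter((e) => e.reason === Reason.OK)
    .reduce((acc, e) => acc | e.ruleMask, 0n);
}

// Constructed sample data.
const profile = {
  bitmap: encodeBitmap({ region: 2, accredited: true, maxBucket: 3 }),
  expiry: 2_000_000_000,
};
const POOL_A = (1n << ACCREDITED_BIT) | (1n << (BUCKET_BASE + 2n)); // accredited, bucket >= 2
const POOL_B = (1n << 2n) | (1n << (BUCKET_BASE + 4n));             // region 2, bucket >= 4
const NOW = 1_900_000_000;
const events = [POOL_A, POOL_B].map((ruleMask) => ({
  ruleMask, reason: checkEligibility(profile, ruleMask, NOW),
}));
console.log(events.map((e) => e.reason), bitsImpliedByPasses(events).toString(2));
```

When designing rule masks, treat each bit a pool requires as disclosed for every user who passes that pool, and size the attribute granularity accordingly.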

Bounty Alignment

Hook-based privacy-enhancing market structure. Eligibility stored as ciphertext only. Hook enforces compliance deterministically. All decisions verifiable via events.

"Deposit from anywhere" flow supporting 2+ EVM chains. Route execution with step receipts. Error handling and slippage management.

ENS name resolution for users and issuers. Creative use: trading preferences stored as ENS text records for portable UX across dApps.
