Architecture

System Overview

┌──────────────────┐                    ┌──────────────────────────────────┐
│   Public Wallet   │──── Deposit ─────→│        Private Reserve           │
│  (on-chain addr)  │←─── Withdraw ─────│     (Shared Privacy Layer)       │
└──────────────────┘                    │                                  │
                                        │  • Aggregates all deposits       │
                                        │  • Encrypted stealth addresses   │
                                        │  • ZK proof verification         │
                                        │  • Balance ledger                │
                                        └──────────┬───────────────────────┘

                                        Make Spendable / Move to Reserve

                                        ┌──────────▼───────────────────────┐
                                        │    Spendable (Private Balance)    │
                                        │                                  │
                                        │  • Isolated execution env        │
                                        │  • Private DeFi interactions     │
                                        │  • Fee deduction (15 bps)        │
                                        │  • Cannot call Reserve           │
                                        └──────────┬───────────────────────┘

                                          Execute / Interact

                                        ┌──────────▼───────────────────────┐
                                        │     Rujira Applications           │
                                        │                                  │
                                        │  Trade • Perps • Liquidations    │
                                        │  Index • Borrow • Launchpad     │
                                        │  Strategies • Staking            │
                                        └──────────────────────────────────┘

                    ┌──────────────────────────────────────┐
                    │          Gas Tank (RUNE)              │
                    │  • ~0.02 RUNE per swap                │
                    │  • Funded from Public Account         │
                    │  • Only needed for swaps/sends        │
                    └──────────────────────────────────────┘

Smart Contract Architecture

Redacted is built with CosmWasm on Rujira and consists of three components:

| Component | Role |
| --- | --- |
| Private Reserve (Proxy Contract) | Central privacy pool. Handles deposits, withdrawals, balance tracking, stealth address encryption, and ZK proof verification |
| Spendable (Sub-Wallet Contract) | Isolated execution environment for each user. Handles DeFi interactions, fee collection, and private transaction execution |
| Protocol Package | Shared cryptographic library containing Groth16 ZK verification, elliptic curve operations, and common types |

Security Properties

  • Spendable accounts can only be called by the Private Reserve — No external contract can trigger your Spendable account

  • Spendable accounts cannot call the Reserve — Prevents reentrancy attacks

  • Spendable accounts cannot call other Spendable accounts — Full isolation between users

  • Every sensitive operation requires a ZK proof — Creating a Spendable account, funding it, executing trades, withdrawing
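The three call-graph rules above can be modelled as one guard on a Spendable's execute path. This is an added illustration, not Redacted's contract code: the `Spendable` struct, the `Denied` enum and the address strings are hypothetical, and the model assumes enforcement by comparing the sender and each outbound target against known contract addresses.

```rust
use std::collections::HashSet;

// Constructed address for this model; a deployment would use contract addresses.
const RESERVE: &str = "reserve";

#[derive(Debug, PartialEq)]
enum Denied {
    CallerNotReserve,
    TargetsReserve,
    TargetsSpendable,
}

/// Hypothetical model of one Spendable and the addresses it must never message.
struct Spendable {
    reserve: String,
    spendables: HashSet<String>, // all known Spendable addresses
}

impl Spendable {
    /// Full execute path: sender check first, then every outbound target.
    fn execute(&self, sender: &str, targets: &[&str]) -> Result<usize, Denied> {
        // Rule 1: only the Reserve may trigger a Spendable.
        if sender != self.reserve {
            return Err(Denied::CallerNotReserve);
        }
        for t in targets {
            // Rule 2: no call back into the Reserve (closes the reentrancy path).
            if *t == self.reserve {
                return Err(Denied::TargetsReserve);
            }
            // Rule 3: no call into any Spendable, including another user's.
            if self.spendables.contains(*t) {
                return Err(Denied::TargetsSpendable);
            }
        }
        Ok(targets.len()) // number of outbound messages allowed through
    }
}

fn demo() -> Spendable {
    let spendables = ["spendable-a", "spendable-b"].iter().map(|s| s.to_string());
    Spendable { reserve: RESERVE.to_string(), spendables: spendables.collect() }
}

fn main() {
    let s = demo();
    println!("{:?}", s.execute(RESERVE, &["trade-app"]));
    println!("{:?}", s.execute("trade-app", &["trade-app"]));
    println!("{:?}", s.execute(RESERVE, &["spendable-b"]));
}
```

Rejecting the whole call on the first forbidden target, rather than dropping that one message, keeps a batch from being partially executed.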

Zero-Knowledge Proofs

Redacted uses Groth16 zk-SNARKs (on the BN254 elliptic curve) to let you prove you're authorized to perform an action — without revealing who you are.

Every sensitive action requires a proof:

| Action | What the Proof Validates |
| --- | --- |
| Create Spendable account | You own the stealth address |
| Fund Spendable | You own the Reserve balance and are authorized to move it |
| Execute trade/swap | You own the Spendable account and authorize this specific transaction |
| Withdraw | You own the Reserve balance and authorize withdrawal to this address |

What ZK Proofs Do NOT Hide

  • Pool balances — Total Reserve balances are visible on-chain

  • Trade execution — Swaps execute through THORChain with standard visibility

  • Transaction timing — All operations have visible timestamps

  • Transaction amounts — Deposit and withdrawal amounts are public

ZK proofs enforce authorization without revealing identity. They prove "I am allowed to do this" without revealing "I am the person who deposited X at time Y."

Technical Specifications

| Parameter | Value |
| --- | --- |
| Stealth address length | 64 hex characters (32 bytes) |
| Encryption algorithm | AES-256-CBC |
| Hash function | SHA-256 |
| ZK proof system | Groth16 (BN254 curve) |
| Protocol fee | 15 bps (0.15%) per interaction |
| Gas Tank denomination | RUNE only |
| Swap fee | ~0.02 RUNE per transaction |

Built With

  • CosmWasm — Smart contract framework for Cosmos-based chains

  • Rust — Systems programming language for contract development

  • Rujira — THORChain's omnichain application layer

  • Groth16 — Zero-knowledge proof system for efficient on-chain verification

  • BN254 — Elliptic curve for pairing-based cryptography

Security Audits

| Audit | Auditor | Date | Scope |
| --- | --- | --- | --- |
| Rujira Smart Contract Audit | FailSafe | January–February 2026 | Proxy contract, Sub-Wallet contracts, Protocol Package on Rujira |
| Terra Mixer Contract Audit | SCV-Security | September 2022 | Original mixer contracts on Terra |

The FailSafe audit covered the full Redacted smart contract suite deployed on Rujira — including the Private Reserve (Proxy), Spendable (Sub-Wallet), and shared Protocol Package. 9 findings were identified (1 High, 1 Low, 7 Informational), with all critical issues resolved.
