Introduction
Fhenix-FairMarket is a decentralized, privacy-preserving sealed-bid auction protocol designed to resolve the fundamental tension between absolute privacy and economic viability in on-chain markets. By transitioning from expensive, synchronous on-chain Fully Homomorphic Encryption (FHE) to an Asynchronous FHE Coprocessing (CoFHE) model backed by EigenLayer AVS for economic verification, the protocol reduces gas overhead by ~99.9% while maintaining mathematical integrity and eliminating trusted intermediaries.
The Core Challenge
Traditional on-chain sealed-bid auctions face four critical architectural flaws that have historically limited adoption:
- Gas Explosion: On-chain FHE comparisons incur 10x–100x computational overhead.
- Deposit Lockup: Sequencer failures or fixed timeouts trap user funds indefinitely.
- Push-Based Refund Risks: Loop-based payouts are vulnerable to Out-of-Gas (OOG) errors and reentrancy attacks.
- Session Key Exposure: Storing encryption permits in `localStorage` creates XSS theft vectors.
- Verification Bottlenecks: Heavy ZK-circuit proofs slow finality and increase infrastructure costs.
Architectural Innovations
| Innovation | Technical Implementation |
|---|---|
| O(1) On-Chain Storage | Only a bytes32 ciphertext hash is stored per bid. All FHE comparisons are offloaded to the CoFHE layer. |
| Asynchronous CoFHE Processing | Replaces synchronous on-chain decryption with an event-driven DecryptionRequested dispatch model. |
| EigenLayer AVS Verification | Economic security replaces heavy ZK-proofs. Operators cryptographically sign results; fraud proofs enable fast finality and automatic slashing. |
| Pull-over-Push Refunds | Individual claimRefund() calls with hasWithdrawn mapping eliminate OOG risks and reentrancy vectors. |
| Dynamic Dead Man’s Switch | A Moving Time Average threshold auto-triggers a VOIDED state and 100% fund recovery during sequencer outages. |
| ERC-4337 Session Keys | Ephemeral, memory-only permits enable 1-Click trading without repeated wallet pop-ups or browser storage risks. |
Protocol Workflow
- Escrow Lock: Bidders publicly deposit a ceiling amount via `lockEscrow()`.
- Encrypted Bid Submission: Client-side `@cofhe/sdk` encrypts the bid. The contract verifies solvency via `FHE.lte(encryptedBid, escrowBalances[msg.sender])` and stores only the hash.
- Async Finalization: At `endTime`, a Keeper triggers `triggerFinalize()`, emitting a `DecryptionRequested` event.
- Off-Chain Processing & Verification: FHEOS computes the winner. EigenLayer AVS operators collect signatures and submit a fraud-proof-backed resolution.
- Settlement & Refund: `submitResolution()` verifies the AVS proof, transitions the state to `FINALIZED`, and opens the pull-based refund path for non-winners.
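The pull-based refund path from the last step, as an added sketch that is not the Fhenix-FairMarket contract. It assumes escrow is held in native ETH and that a finalized winner's escrow is not refundable; `State.OPEN`, `winner`, `resolver` and `settleForDemo` are hypothetical names, while `lockEscrow`, `claimRefund`, `hasWithdrawn`, `escrowBalances`, `FINALIZED` and `VOIDED` come from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;

// Added illustration, not the Fhenix-FairMarket contract. Names from the page:
// lockEscrow, claimRefund, hasWithdrawn, escrowBalances, FINALIZED, VOIDED.
// Hypothetical: State.OPEN, winner, resolver, settleForDemo.
contract PullRefundSketch {
    enum State { OPEN, FINALIZED, VOIDED }

    State public state = State.OPEN;
    address public winner; // meaningful only in FINALIZED
    address public immutable resolver = msg.sender; // stand-in for the AVS-verified path
    mapping(address => uint256) public escrowBalances;
    mapping(address => bool) public hasWithdrawn;

    function lockEscrow() external payable {
        require(state == State.OPEN, "auction closed");
        escrowBalances[msg.sender] += msg.value;
    }

    // Stand-in for submitResolution() or the dead man's switch; AVS proof
    // verification is out of scope and omitted.
    function settleForDemo(address winner_, bool voided) external {
        require(msg.sender == resolver, "not resolver");
        require(state == State.OPEN, "already settled");
        winner = winner_;
        state = voided ? State.VOIDED : State.FINALIZED;
    }

    // Each bidder pulls their own refund: there is no loop over bidders, so a
    // reverting or gas-heavy recipient cannot block anyone else's payout.
    function claimRefund() external {
        require(state != State.OPEN, "not settled");
        // Assumed here: FINALIZED refunds non-winners only; VOIDED refunds everyone.
        require(state == State.VOIDED || msg.sender != winner, "winner cannot refund");
        require(!hasWithdrawn[msg.sender], "already withdrawn");
        uint256 amount = escrowBalances[msg.sender];
        require(amount > 0, "nothing to refund");

        // Effects before interaction: a reentrant claimRefund() fails the
        // hasWithdrawn check above before any second transfer.
        hasWithdrawn[msg.sender] = true;
        escrowBalances[msg.sender] = 0;

        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```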
Technical Stack
| Layer | Technology |
|---|---|
| Smart Contracts | Solidity ^0.8.25, UUPS/EIP-1967 Proxy, Hardhat ^2.19 |
| FHE & Coprocessing | @fhenixprotocol/cofhe-contracts, @cofhe/sdk ^1.2.0 |
| Verification | EigenLayer AVS + Fraud Proofs |
| Frontend & UX | Next.js 14, Wagmi v2, Viem v1, ERC-4337 (Account Abstraction) |
| Infrastructure | Gelato/Chainlink Keepers, Docker, OpenZeppelin Defender, Redis |
Security & Audit Readiness
The protocol enforces a strict Audit Gate Matrix across 6 execution phases. All P0 security items—including proxy isolation, zero plaintext event leakage, dynamic timeout logic, and AVS fraud proof verification—must pass before progression to the next phase.
The system operates on a Funds Over Privacy principle: in extremis, EmergencyHalt prioritizes capital recovery over cryptographic privacy, automatically freezing encryption, opening public refund paths, and returning NFTs to sellers.
Next Steps
- Explore the System Architecture to understand CoFHE data flows and state transitions.
- Review the Security Model for threat vectors and mitigation strategies.
- Jump to the Technical Components for contract-level references and function signatures.