Overview

Fhenix-FairMarket is a decentralized, privacy-preserving sealed-bid auction protocol engineered to resolve the fundamental tension between absolute bid confidentiality and economic scalability in on-chain markets. By transitioning from synchronous, gas-intensive on-chain Fully Homomorphic Encryption (FHE) to an Asynchronous FHE Coprocessing (CoFHE) model backed by EigenLayer AVS for economic verification, the protocol reduces computational overhead by ~99.9% while guaranteeing mathematical integrity, eliminating trusted intermediaries, and ensuring automatic fund recovery under network stress.

Protocol Vision

Traditional blockchain auctions suffer from excessive transparency, enabling MEV front-running, bid sniping, and shill bidding. Fhenix-FairMarket replaces “trust in code” with “trust in cryptographic proof”, allowing participants to submit fully encrypted bids (Ciphertext) that remain mathematically sealed until settlement. The system operates on a strict Funds Over Privacy principle: in extreme failure scenarios, capital recovery is prioritized before cryptographic privacy.

Core Problems & Architectural Fixes

Traditional Flaw	Fhenix-FairMarket v2.0 Solution
Gas Explosion (`10x–100x` from on-chain FHE comparisons)	`O(1)` on-chain storage + Off-chain CoFHE dispatch. Only `bytes32` ciphertext hashes are stored on-chain.
Deposit Lockup on Sequencer/AVS failure	Dynamic Dead Man’s Switch using `Moving Time Average` of `block.timestamp`. Auto-transitions to `VOIDED` for 100% recovery.
Push-based Refund vulnerabilities (OOG, Reentrancy)	Pull-over-Push settlement via `claimRefund()` with `hasWithdrawn` mapping. State updates precede fund transfers.
Session Key Theft via `localStorage`	ERC-4337 Ephemeral Session Keys with 24h TTL, stored in secure memory only. No persistent browser storage.
Expensive ZK-Proof verification	EigenLayer AVS + Fraud Proofs. Cryptoeconomic security replaces heavy circuits, enabling fast finality and automatic slashing.

️ System Architecture

The protocol is structured into four decoupled layers, ensuring upgradeability, security isolation, and linear scalability:

UX & Abstraction Layer: Next.js frontend + ERC-4337 Account Abstraction. Enables 1-Click Trade interfaces with optimistic UI updates and progressive disclosure of technical complexity.
Smart Contract Layer: UUPS/EIP-1967 proxy pattern separates logic from storage. Core logic interacts with FHE exclusively through CofheAdapter.sol, preventing SDK upgrade breaks.
Off-Chain Coprocessing Layer: Keepers (auctionMonitor → cofheDispatcher → avsSubmitter) watch for endTime, batch ciphertexts to FHEOS servers, and return encrypted results.
Verification & Settlement Layer: EigenLayer AVS operators cryptographically sign results. Fraud Proofs validate correctness before submitResolution() transitions state to FINALIZED or VOIDED.

️ Technical Stack

Layer	Technology	Version / Spec
Smart Contracts	Solidity, Hardhat, OpenZeppelin Upgradeables	`^0.8.25` / `^2.19` / UUPS Proxy
FHE & Coprocessing	`@cofhe/sdk`, `@fhenixprotocol/cofhe-contracts`	`^1.2.0` / `^0.2.0`
Verification	EigenLayer AVS + Fraud Proofs	Cryptoeconomic Threshold Signatures
Frontend & UX	Next.js, Wagmi, Viem, ERC-4337	`14` / `v2` / `v1` / Smart Accounts
Infrastructure	Keepers, Docker, Redis, Gelato/Chainlink	Self-paying automation + Distributed locking
CI/CD & Security	Slither, Mythril, Playwright, Tenderly	Static analysis, E2E, Load testing (50 concurrent auctions)

️ Security & Economic Principles

Threat Matrix & Mitigations

Bid Value Leakage: Zero plaintext values in Events or Storage. Enforced via CI linting.
Reentrancy in Refunds: Pull over Push pattern. hasWithdrawn set to true before call{value: amount}.
Race Conditions: nonce + blockhash gating + Redis distributed locks for Keepers.
Upgrade Manipulation: UUPSUpgradeable restricts upgradeToAndCall to multisig only. 48h Timelock enforced.
Sequencer/AVS Failure: DynamicTimeout auto-triggers triggerFallbackVoid(), returning NFTs and releasing escrow.

Economic Model

Stream	Allocation	Purpose
Auction Success Fee	`0.5%` of winning bid	Protocol sustainability
Keeper Bounty	`0.2%` of winning bid	Incentivizes liveness & auto-execution
Protocol Treasury	`60%` of net fees	Development, maintenance, infra
Insurance Fund	`20%` of net fees	Nexus Mutual / capital protection
Developer Grants	`15%` of net fees	Community incentives & research
Bug Bounty	`5%` of net fees	Immunefi rewards for ethical hackers

️ Execution Roadmap

Development follows a strict 6-Phase Execution Roadmap with hard Audit Gates. Any P0 security failure halts progression to the next phase. No exceptions.

Phase	Focus	Duration	Key Deliverable
Phase 1	Architectural Foundation	10–14 days	UUPS Proxy, CofheAdapter, State Machine, ≥70% test coverage
Phase 2	Encrypted Security & Settlement	12–16 days	FHE solvency check, Pull refunds, Dynamic Dead Man’s Switch, SlashedPot
Phase 3	CoFHE & AVS Integration	14–18 days	Async event flow, Keeper services, EigenLayer AVS verification, Mock fraud proofs
Phase 4	Keepers & Infrastructure	10–12 days	Batch processing, Race condition prevention, Docker stack, CI/CD pipelines
Phase 5	Frontend & UX 2.0	12–15 days	ERC-4337 session keys, Optimistic UI, Confidence Dashboard, E2E tests
Phase 6	Testnet Deployment & Audit	10–14 days	Fhenix Testnet launch, KPI monitoring, Chaos engineering, External audit package

️ Critical Note: Parallel development is permitted only for Phase 5 (using mock ABIs), but integration is blocked until Phase 3 passes. All P0 items from the Audit Readiness Matrix must be verified before any deployment.

Next Steps

Explore the System Architecture for detailed CoFHE data flows and state transitions.

Review the Security Model for threat vectors, emergency protocols, and audit gates.

Jump to the Technical Components for contract-level references and function signatures.