Confidential Sealed-Bid Auctions on Arbitrum · Powered by iExec Nox
ShadowBid is a sealed-bid auction protocol where bid amounts are hidden from all participants using iExec Nox Confidential Tokens. No bidder can see what anyone else has offered. Only the winner is revealed - after everyone has already committed.
Every existing on-chain auction is public. When you bid, everyone watching the chain can see your amount. Later bidders outbid you by the smallest possible increment. This breaks the core promise of a sealed-bid auction.
ShadowBid fixes this: bids are committed as hashes, and winning payouts are wrapped into iExec Nox Confidential Tokens - so the settlement amount is never exposed on the public ledger.
Bid Phase Reveal Phase Settlement
───────────── ──────────────── ──────────
Bidder commits Deadline passes Highest reveal
hash(amount, Each bidder reveals wins auction
salt, address) (amount + salt)
+ deposits USDC Contract verifies Auctioneer receives
hash matches winning amount
wrapped as cToken
Invalid reveals (confidential)
are ignored
Losers claim
full USDC refund
At settlement, the winning USDC amount is wrapped into an iExec Nox Confidential Token via IConfidentialWrapper.wrap(). The auctioneer receives a confidential token - the settlement amount is hidden from the public ledger. This is the core Nox integration: the winning bid becomes a private, auditable, confidential asset.
| Contract | Address | Verified |
|---|---|---|
ShadowBidFactory |
0x11E0c320515F9B14c07d474CD26a91F0506e28A0 |
Sourcify |
MockConfidentialWrapper |
0x0484aAb961bA9DBcFcDEe4aAeAb7ee57516ABF0f |
Sourcify |
MockUSDC |
0x8C07bF0A9A9c1f2c56B2a9441022015084912E5F |
Sourcify |
contracts/
├── ShadowBidFactory.sol # Deploys and indexes all auction vaults
├── ShadowBidVault.sol # Core auction: commit → reveal → settle
├── interfaces/
│ └── IConfidentialWrapper.sol # iExec Nox ERC-7984 wrapper interface
└── mocks/
├── MockUSDC.sol # Testnet USDC (mintable faucet)
└── MockConfidentialWrapper.sol # Nox wrapper simulation for testing
OPEN → (bid deadline) → REVEAL → (reveal deadline) → SETTLED
↓
Auctioneer: cToken (confidential)
Losers: USDC refund
Winner: excess deposit returned
- Node.js >= 18
- Hardhat v3
- MetaMask on Arbitrum Sepolia
- Arbitrum Sepolia ETH from faucet.triangleplatform.com
git clone https://github.com/Ted1166/shadowbid.git
cd shadowbid/contracts
npm installnpx hardhat testAll 23 tests pass across: Factory, Auction state, Bid phase, Reveal phase, Settlement, Cancellation, and getInfo.
export ARBITRUM_SEPOLIA_RPC_URL=https://sepolia-rollup.arbitrum.io/rpc
export DEPLOYER_PRIVATE_KEY=0x_your_private_key
npx hardhat ignition deploy ignition/modules/ShadowBid.ts --network arbitrumSepolia- Create auction - set item name, reserve price, bid duration, reveal duration
- Wallet A bids - enters 250 USDC, app generates salt and commitment hash, submits on-chain
- Wallet B bids - enters 180 USDC — neither bidder sees the other's amount
- Bid phase ends - anyone calls
openRevealPhase() - Both wallets reveal - submit
(amount, salt), contract verifies hashes - Settle - Wallet A wins (highest reveal), auctioneer receives 250 USDC wrapped as cToken
- Wallet B claims refund - 180 USDC returned
Standard on-chain auctions expose every bid publicly. iExec Nox Confidential Tokens give us hidden balances via Trusted Execution Environments - settlement amounts are processed without appearing as plaintext on the public chain.
This makes ShadowBid's privacy guarantee cryptographically enforced at the settlement layer, not just a front-end convention.
MIT