Safety

One of the most important things for DeFi projects are safety of assets. TONNEL Network uses Smart contracts and Zero Knowledge for the safety of user funds. There is no way a relayer or even the founder of the project could get access to users' funds.

More than 80,000 deposits and withdrawals were processed through the testing stage of TONNEL and not a single asset was stolen or compromised during this process.

What if the Relayer acts malignant?

Don't worry, Relayers have no option of fraud, even if they decide to change the payload of their transaction and put a higher fee for themselves, ZK proof won't allow it and in the contract, it will be reverted. So no one except the secret key owner has the power to set the details of withdraw.

Privacy

Tonnel Network uses Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (also called zk-SNARK) to verify & allow transactions. To process a deposit, TONNEL generates a random area of bytes, computes it through the Sha256 (it is not friendly with zk-SNARKs, but other types of hashes have not yet been added to TVM), then sends the token & the 20 Sha256 hash to the smart contract. The contract will then insert it into the Merkle tree. To process a withdrawal, the same area of bytes is split into two separate parts: the secret on one side & the nullifier on the other side. The nullifier is hashed. This nullifier is a public input that is sent on-chain to be checked with the smart contract & the Merkle tree data. It avoids double-spending for instance.Thanks to zk-SNARK, it is possible to prove the 20 Sha256 hash of the initial commitment and of the nullifier without revealing any information. Even if the nullifier is public, privacy is sustained as there is no way to link the hashed nullifier to the initial commitment. Besides, even if the information about the transaction is present in the Merkle root, the information about the exact Merkle path, and subsequently the location of the transaction, is still kept private. Deposits are simple from a technical point of view, but expensive in terms of gas as they need to compute the 20 Sha256 hash & update the Merkle tree. On the other hand, the withdrawal process is complex but cheaper as gas is only needed for the nullifier hash and the zero-knowledge proof.

In summary, privacy of users are guaranteed if they wait enough time between their deposit and withdraw and also if they follow these steps.