Since the base layer supports a stateless VM, there is no contract address that allows deposit/withdrawal while maintaining a global state. Hence, the "pool" in Twilight pool is not a contract address with custody of tokens but a list of independently locked transactions that are treated as a pool. The transactions are locked to a relayer, as a promise to participate in the pool, with a timelock in case of a dispute. The
poolshareis calculated over encrypted state, made available in the
txlog, by the relayer and is auditable in zero knowledge.
The contract design follows the principal of N parties cooperating over pre-defined scripts, first introduced by Gregory Maxwell in his Taproot Proposal. Twilight does not achieve scripts privacy though, as the scripts are later revealed to the
verifierin the bytecode of the transaction.
Twilight pool is the sum of all the independently locked
LendTx, where the value locked is hidden by a pedersen commitment. Since Twilight is a single token pool, the
TLVis determined by adding all the available pedersen commitments from individually locked
Every lock/unlock for
LendTxchanges the state of
TLVand the most recent state is published in
txlog. Since the value is committed,
TLVremains private and is only revealed in case of a dispute. Please refer to zk-Matchbook for construction details: