DarkDrop
First browser-native ZK drops on Solana
The problem DarkDrop solves
On Solana, every transfer exposes the sender, the recipient, the funding source, and the full transactional graph. This makes even simple actions like sending rewards, refunds, bonuses, reimbursements, or private payouts fully traceable. Account-based transparency creates several problems: internal treasury wallets become public, distribution patterns are revealed, and recipients can easily link the origin of funds. For many teams, creators, and protocols, this removes operational privacy they expect in real-world financial systems.
DarkDrop v2 addresses this by introducing an unlinkable, compression-friendly drop-claim mechanism that breaks the direct visibility between who sends value and who receives it. Instead of sending a transfer on-chain, a payer creates a “drop” using compressed state and lightweight metadata. A recipient can then claim the drop independently. This separation removes the traditional sender → recipient linkage that explorers and indexers rely on.
The system provides a practical privacy rail without requiring deposits, mixers, or heavy zk systems. Because drops are created and claimed as separate actions, treasury movements and distribution operations no longer expose their origin. Teams can distribute incentives, creators can send private gifts, and protocols can deliver rewards without revealing internal wallets or operational flows.
DarkDrop v2 makes existing tasks safer and more flexible by providing:
- A sender-anonymous way to transfer value without revealing the funding wallet.
- An operational layer that hides internal treasury patterns and team activity.
- A private distribution mechanism suitable for rewards, referrals, refunds, and bounties.
- A compression-compatible architecture that keeps costs low and scalable.
- A simple claim model that users can interact with from any wallet without additional setup.
By decoupling the act of paying from the act of receiving, DarkDrop restores a level of privacy that is normal in traditional finance but missing on public blockchains. It offers a realistic, adoptable approach to privacy on Solana that works today, without requiring complex cryptography or trust assumptions.
Challenges I ran into
Challenges we ran into
Building DarkDrop v2 required solving several non-obvious issues at the intersection of privacy design, compressed state, and Solana’s account model.
-
Handling PDA collisions and deterministic nullifier mapping
A nullifier must represent a one-time claim while still being unlinkable to either the payer or the recipient. Early versions ran into PDA collisions when creating multiple drops in rapid succession. We resolved this by enforcing deterministic seed rules and adding a dedicated rate_limit PDA to guarantee spacing between drops without leaking sender identity. -
Designing an expiration system that is safe and predictable
Compressed state does not provide the same account lifecycle guarantees as standard accounts. Implementing expirations required strict timestamp validation and ensuring that expired drops couldn’t be force-claimed. We introduced explicit status transitions (Active → Claimed or Expired) and enforced them at the program level. -
Preventing metadata leakage through the claim flow
Even if the drop mechanic is private, the claim path can unintentionally reveal patterns. Early tests showed that using shared PDAs for multiple flows exposed timing correlations. By binding each drop and nullifier to isolated PDAs, we removed cross-drop visibility and ensured that claims are independent events. -
Balancing privacy constraints with developer ergonomics
The system needed to remain usable from lightweight clients and Node-based scripts without requiring zk tooling or third-party services. We refined the API to rely only on deterministic inputs (nullifier, recipient, amount) so client-side code could be kept simple while still respecting the privacy model. -
Making the explorer experience readable without exposing internals
Drops and claims are intentionally minimal, but this caused early confusion on Solana Explorer where transactions appeared as “Unknown Instruction.” We added clear program logs and events so developers could introspect flows without revealing any sensitive relationships between payer and recipient. -
Ensuring upgrades do not break privacy guarantees
Because future versions (including v3 nullifier enhancements) require controlled upgrades, we had to design an upgradeable program without introducing centralization risk. This led to the implementation of a delayed authority-change system, preventing instant takeovers or rushed upgrades.
By working through these challenges, DarkDrop v2 became a stable, predictable privacy rail that behaves consistently under load, respects Solana’s constraints, and provides a practical foundation for future zk-enhanced versions.
Tracks Applied (5)
General Bounty
Network School
Privacy Infrastructure & Developer Tools
Electric Coin Company
Self-Custody & Wallet Innovation
Osmosis
Private Payments & Transactions
Osmosis
General Bounty
Project Tachyon
Technologies used
Cheer Project
Cheering for a project means supporting a project you like with as little as 0.0025 ETH. Right now, you can Cheer using ETH on Arbitrum, Optimism and Base.