1. ZK proofs on a hackathon timeline
Generating and verifying ZK proofs server-side, then submitting them from a burner wallet so the winner's real address never touches the claim transaction. Getting the circuit, proof generation, and on-chain verifier to agree took significant iteration.

2. The off-chain/on-chain split
The whole point is that bids never appear on-chain, but Ethereum needs something to verify. Designing the nullifier scheme (bidders commit a hash on-chain, the backend knows the preimage, the winner proves knowledge without revealing it) required careful architecture so neither side could cheat.

3. Stealth address key derivation
Deriving spending and viewing keypairs deterministically from wallet signatures — without ever sending private keys to a server. The secp256k1 point multiplication needed to generate real uncompressed public keys is not natively available in the browser.

4. BitGo custody for private ETH deposits
Each bidder gets a unique deposit address so their ETH can't be correlated on-chain. Integrating BitGo's wallet API to generate these addresses, track confirmations, and route payouts to stealth addresses added a whole backend layer that most Ethereum projects don't need.

5. Auction phase state machine
Five phases (commit → settle → ended → claimed / cancelled) each with different UI, different allowed actions, and live on-chain polling. Keeping the frontend consistent across all states without race conditions was genuinely fiddly.