Architecture
No backend, no database
Every operation runs in the browser. Tirai stores nothing. The only deployed program is the Cloak Shield Pool.
Privacy-first bounty payouts for Solana whitehats.
Tirai severs the on-chain link between a researcher's identity and the payment they receive using zero-knowledge proofs over the 
Cloak Shield Pool. Observers see nothing. Auditors see what they need.
Built on
Solana- Cloak SDK
- Groth16
- Poseidon
- Phantom
- Solflare
- Surfpool
- Helius
Why Tirai
Whitehat-grade privacy without the operational tax.
Tirai is a thin client over the Cloak Shield Pool. There's nothing to host, nothing to deploy, and nothing in your way.
Cryptography
Groth16 + Poseidon
Zero-knowledge proofs and a Poseidon Merkle tree decouple deposits from withdrawals at the protocol layer.
Wallet UX
Fresh-wallet by default
Researchers receive funds on a brand-new keypair with no prior history. KYC links are severed at the source.
Auditor
Read-only viewing keys
Auditors see the payment, the amount, the label — never the destination wallet. Enforced in code.
Custody
Non-custodial
Tirai never holds keys or balances. Funds move directly between wallets and the Cloak pool.
How it works
One deposit. One withdrawal. No traceable link.
01
Project deposits
Treasury wallet funds the bounty into the Cloak shield pool. A claim ticket is generated and shared off-chain.
02
Cloak pool decouples
Groth16 proofs and a Poseidon Merkle tree break the on-chain link between the depositor and the recipient.
03
Researcher withdraws
Withdrawal lands on a fresh wallet with no prior history. The auditor sees the payment, not the destination.
Privacy boundaries
Three guarantees, enforced cryptographically.
Boundary 1
Project ↔ Researcher
Cloak's shield pool decouples the deposit from the withdrawal. An on-chain observer sees two unrelated transactions.
Boundary 2
Researcher ↔ Public
Fresh-wallet mode delivers funds to an address with no prior history, severing the link to any KYC'd identity.
Boundary 3
Auditor ↔ Researcher
The viewing key is cryptographically scoped to read payment facts only. It cannot trace the destination wallet.
FAQ
Common questions.
- Is Tirai custodial?
- No. Funds move directly between the project's wallet, the Cloak shield pool, and the researcher's wallet. Tirai never holds keys or balances.
- Which chain does Tirai run on?
- Solana mainnet, via the Cloak Shield Pool program. There is no Tirai program — we consume the existing Cloak deployment.
- What can the auditor see?
- Payment amount, date, label, and status. The auditor cannot see the researcher's destination wallet — that field is intentionally absent from the API.
- What if I lose my fresh wallet's secret key?
- The funds are unrecoverable. The save-key dialog blocks progression until you confirm you have stored the key.
Ready to ship
Three roles. Three routes. Zero coordination.
Pick a flow and start exploring. No signup, no API key — every path runs entirely in your browser against the Cloak Shield Pool.