https://github.com/EmaCorons/0xbow-io-challenge - private repo, request access (private for security reasons).
0xbow — Private Payroll on Privacy Pools v2
Pay your team on-chain without publishing salaries — with a compliance proof on every payout.
What it is
A private-payroll application built on 0xbow's Privacy Pools v2 SDK. A company funds a shielded pool from its treasury, then pays employees and contributors on-chain without exposing who got paid, how much, or when, while every payout still carries an Association Set Provider (ASP) compliance proof. It ships as two surfaces: a marketing landing page and a working payroll dashboard.
Privacy for the world, accountability for the regulator.
The problem
Salaries are the textbook case for needing both privacy and compliance. On a public chain, every payroll transaction leaks each employee's pay and exposes the company's burn rate and headcount to competitors. But a plain mixer is a non-starter: it is a regulatory and AML/sanctions failure. Teams are forced to choose between exposure and non-compliance. Privacy Pools v2 resolves that tension, and this app turns it into a product a finance team could actually operate.
What it does
- Fund a shielded pool — a real on-chain deposit from the connected wallet on Sepolia, screened by 0xbow's ASP.
- Run private payroll — add recipients or import a CSV (name,address,amount); one private payout per recipient.
- Prove compliance per payout — each payout shows a ✓ ASP screened attestation; spends prove their funds belong to the approved association set.
- Treasury accounting — the dashboard tracks the real available balance, persists it across runs, and locks payout if a run exceeds the balance.
- Multi-wallet — MetaMask, Coinbase Wallet, WalletConnect, and any EIP-6963 browser wallet (Trust, Rabby, …), with an account panel (balance, network, disconnect).
- Compliance & auditor view — an attestation-coverage panel plus an "operator view vs. what the world sees" comparison: the operator sees recipients and amounts; the public ledger shows only blurred entries with a ✓ ASP stamp.
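The CSV import and the treasury payout lock described above, as an added example that is not the project's own code. It assumes the `name,address,amount` column layout named in the list, amounts given as decimal token units (18 decimals here, as for ETH), and an available balance tracked in the smallest unit; the sample CSV is constructed. Amounts are converted to integers before summing so that "0.1"-style inputs never go through floating point, duplicate recipients and malformed addresses are rejected at import time, and the run is locked when its total exceeds the balance.

```typescript
// Added example (not the 0xbow app's code): payroll CSV import + treasury payout lock.
type Recipient = { name: string; address: string; amount: bigint }; // amount in base units (wei)

const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/; // shape check only; checksum validation is out of scope here

function pow10(n: number): bigint {
  let r = BigInt(1);
  for (let i = 0; i < n; i++) r = r * BigInt(10);
  return r;
}

// Parse a decimal amount ("1.5", "0.000001") into base units exactly, without floating point.
function parseUnits(value: string, decimals: number): bigint {
  const m = /^(\d+)(?:\.(\d+))?$/.exec(value.trim());
  if (!m) throw new Error(`invalid amount: ${value}`);
  const whole = m[1];
  const frac = m[2] ?? "";
  if (frac.length > decimals) throw new Error(`too many decimal places: ${value}`);
  const padded = frac + "0".repeat(decimals - frac.length);
  return BigInt(whole) * pow10(decimals) + BigInt(padded === "" ? "0" : padded);
}

// Parse a name,address,amount CSV. An optional header row is skipped; every data row is validated.
function parsePayrollCsv(csv: string, decimals: number = 18): Recipient[] {
  const rows = csv.split(/\r?\n/).map((l) => l.trim()).filter((l) => l.length > 0);
  if (rows.length === 0) throw new Error("empty CSV");
  const start = rows[0].toLowerCase().replace(/\s/g, "") === "name,address,amount" ? 1 : 0;
  const seen = new Set<string>();
  const out: Recipient[] = [];
  for (let i = start; i < rows.length; i++) {
    const cols = rows[i].split(",").map((c) => c.trim());
    if (cols.length !== 3) throw new Error(`line ${i + 1}: expected 3 columns, got ${cols.length}`);
    const [name, address, amountStr] = cols;
    if (!ADDRESS_RE.test(address)) throw new Error(`line ${i + 1}: invalid address ${address}`);
    const key = address.toLowerCase();
    if (seen.has(key)) throw new Error(`line ${i + 1}: duplicate recipient ${address}`);
    seen.add(key);
    const amount = parseUnits(amountStr, decimals);
    if (amount <= BigInt(0)) throw new Error(`line ${i + 1}: amount must be positive`);
    out.push({ name, address, amount });
  }
  return out;
}

type RunCheck = { total: bigint; locked: boolean; shortfall: bigint };

// Payout lock: the run is refused (locked) when its total exceeds the available treasury balance.
function checkRun(recipients: Recipient[], available: bigint): RunCheck {
  const total = recipients.reduce((acc, r) => acc + r.amount, BigInt(0));
  const locked = total > available;
  return { total, locked, shortfall: locked ? total - available : BigInt(0) };
}

// Constructed sample input (placeholder addresses, not real recipients).
const SAMPLE_CSV = `name,address,amount
alice,0x0000000000000000000000000000000000000001,1.5
bob,0x0000000000000000000000000000000000000002,0.25
carol,0x0000000000000000000000000000000000000003,0.000001
`;

// Usage: import, then gate the run on the tracked balance before any spend is prepared.
const run = checkRun(parsePayrollCsv(SAMPLE_CSV), parseUnits("2", 18));
console.log(run.locked ? `locked: short by ${run.shortfall} wei` : `ok: paying ${run.total} wei`);
```

The lock is computed on integers in the smallest unit, which is the only representation that survives a sum of many small salaries without rounding; the same check belongs in front of the SDK spend path so an over-budget run never reaches proof generation.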
How it works
- Connect & set up an account — the user connects a wallet and signs an EIP-712 message. The SDK derives the account's protocol keys (nullifying / revocable / viewing) from that signature, and a one-time on-chain keystore registration records them.
- Deposit into the pool — prepareDeposit generates a Groth16 ZK proof in the browser (circuit artifacts fetched from IPFS) and an ASP-screening ciphertext encrypted to 0xbow's ASP public key; the user's wallet submits the deposit transaction on Sepolia.
- Pay out privately — funds are paid to recipients from the pool; the link between the deposit, the amounts, and the recipients is cryptographically broken, while each spend proves ASP membership.
- Stay auditor-ready — amounts and recipients stay private on-chain, but the compliance attestation is provable to an auditor.
Compliance model (the differentiator)
Old mixers pooled clean money with dirty money — which is why they got sanctioned. Privacy Pools v2 inverts the model: only screened deposits ever enter the pool. This app makes that visible — every payout is provably from the approved association set, without revealing sender, recipient links, or amounts. The auditor gets the proof; no one gets the details.
Tech stack
Next.js 14 (App Router) · wagmi / viem · Tailwind v4 · @0xbow-io/privacy-pools-v2-sdk (snarkjs Groth16, in-browser proving) · Sepolia testnet. The app is fully client-side — proofs are generated in the browser and submitted by the user's own wallet.
Status
- ✅ Real on-chain deposit — ASP-screened, in-browser proof, submitted on Sepolia. Multi-wallet, CSV import, treasury accounting + payout lock, and the compliance/auditor view are all working.
- ⏳ Payout from the pool — the spend path is wired to the SDK but needs a 0xbow relayer endpoint (so the withdrawal is submitted without gas paid from a linkable address); until that is available it runs in a clearly-labeled demo mode. The full payroll loop completes the moment a relayer URL is provided.
What's next
- Wire live payout once a relayer endpoint is available.
- On-chain treasury balance via SDK note discovery (vs. local accounting).
- Recurring/scheduled runs and multi-asset (USDC, EUR-stable) payroll.