Products

Confidential Airdrop

A pull-model airdrop: the admin signs an encrypted claim authorization per recipient, and recipients claim from a self-contained link. Amounts and pool size stay hidden onchain.

How it works

An airdrop is a pull distribution: you authorize each recipient, and they come and claim. Launching a campaign runs three onchain actions:

1

Approve the operator

Approve the airdrop factory as an ERC-7984 operator so it can move your tokens (setOperator(airdropFactory, deadline)).
2

Deploy and fund

Deploy an airdrop clone for this campaign and fund it with the pool.
3

Sign allocations

Sign one encrypted allocation authorization per recipient. Each is encrypted to that recipient and bound to their address.

Every recipient gets a self-contained claim link. There is no backend: the link itself carries the encrypted amount, its input proof, and your signature.

Claim link
https://your-app.example/dashboard/portfolio/airdrop?t=eyJhIjoiMHhBaXJkcm9wIiwiciI6IjB4UmVjaXBpZW50IiwiaCI6IjB4SGFuZGxlIn0

The token in the t parameter is base64url-encoded JSON that includes:

  • the airdrop clone address and the recipient address,
  • the encrypted amount handle and its Zama input proof,
  • the admin's signature over the recipient and handle, and an optional label, symbol, and decimals.
The input proof is bound to the recipient, and the signature is single-use and replay-protected onchain, so a link only works for its intended wallet and only once.

Fast mode

By default you sign each authorization in your wallet, one prompt per recipient. Fast mode trades those prompts for a single setup transaction: it creates an ephemeral session key that signs every authorization locally.

Do not revoke the session key early

Fast mode grants an in-memory session key the campaign's admin role. The key never leaves your browser and keeps its role until you revoke it from campaign management. Revoking it before the claim window closes invalidates any links recipients have not claimed yet. Revoke it only after the window ends.

Managing a campaign

After launch, each campaign appears in your campaign list (Live, Paused, Scheduled, or Ended), discovered automatically from onchain events. From there you can:

  • Pause or unpause claims.
  • Extend the claim window, if you allowed that when configuring the campaign.
  • Withdraw remaining tokens after the window closes.
  • Revoke the fast-mode session key once claims are done (mind the warning above).
  • Rescue tokens that were sent to the campaign by mistake.
If a launch step fails partway through, keep the tab open: relaunching reuses the funded campaign and skips recipients who already got a claim link. That progress lives only in the open tab, so closing or reloading it loses the remaining links; there is no resume action from campaign management. The deployed campaign itself is still discoverable onchain and safe to pause, extend, or withdraw from.

What stays hidden

Allocation amounts and the total pool size are encrypted onchain. Recipient addresses remain visible, as in any ERC-7984 token.