CipherWrap
Zama Developer Program · Season 3 · Sepolia

CipherWrap

The Zama Confidential Token Wrappers Registry — explored, classified, and made usable. Wrap ERC-20s into FHE ciphertexts. Decrypt only with your EIP-712 permit.

Start Guided DemoExplore Registry
Live registry readsReal EIP-712 decryptTwo-phase unwrap41 unit tests passing
Scroll to explore
The problem

On-chain balances are public by default

Every ERC-20 balance is a plain integer, readable by any node, block explorer, or smart contract. Zama's Fully Homomorphic Encryption solves this at the protocol level with ERC-7984 confidential wrappers.

BEFORE — ERC-20
balanceOf(0xYou)
→ 1000000000    // visible
                 // to everyone

Any wallet, DEX aggregator, MEV bot, or block explorer can see your exact balance at any block height, forever.

AFTER — ERC-7984
confidentialBalanceOf(0xYou)
→ 0x3f8a9c…d2e1  // ciphertext
                   // only you can
                   // decrypt

An FHE ciphertext handle. Unreadable to anyone — including the contract owner — without an explicit EIP-712 user-issued permit.

The mechanism

How ERC-7984 + FHE works

Three steps. The hard cryptography runs in Zama's FHE network, not your wallet.

1

You hold a plaintext ERC-20

Your ERC-20 balance is a public uint256 on-chain. Any observer can read it.

2

Wrap → FHE ciphertext

CipherWrap calls wrap() on the ERC-7984 contract. Your tokens are deposited and your balance becomes an encrypted ciphertext handle — unreadable to anyone without your explicit permit.

3

Decrypt only for you

You sign a free EIP-712 permit off-chain. The Zama FHE network produces a user-specific decryption. Only the permit holder can read the result.

Registry Intelligence

Live. Classified. Defended.

CipherWrap reads the registry contract on every page load and runs a classification pass over all returned pairs — including revoked, unknown, and duplicate entries.

Live registry reads

getTokenConfidentialTokenPairs() called on every load. Never cached static data.

isValid enforced everywhere

Revoked pairs remain visible but wrap / unwrap is disabled — exactly as the spec requires.

Duplicate detection

ctGBP and ctGBPMock share an underlying symbol. Both are flagged in the registry browser.

Unknown entry caution

Addresses not in our verified list are displayed with a caution badge — never hidden, never crashing.

Guided Demo

Wallet to decrypted balance, guided

A judge-friendly walkthrough with progress tracking, calm error handling, and honest tx states at each step.

01

Connect wallet

MetaMask / injected

02

Mint test tokens

Public mock faucet

03

Approve

ERC-20 allowance

04

Wrap

FHE-encrypt on-chain

05

Decrypt balance

EIP-712 permit, zero gas

06

Unwrap

Two-phase finalization

Start Guided Demo
Developer Kit

Copy-paste ready snippets

Real addresses. Real ABIs. Real hook signatures from @zama-fhe/react-sdk. Generated for every pair in the registry.

TypeScript · @zama-fhe/react-sdk
// Approve + Wrap (shield)
const { mutate: approve } = useApproveUnderlying(
  '0x7c5BF43B851c1dff1a4feE8dB225b87f2C223639'
)
const { mutate: shield } = useShield({
  address: '0x7c5BF43B851c1dff1a4feE8dB225b87f2C223639'
})

// Decrypt confidential balance (EIP-712, zero gas)
const { data: balance } = useConfidentialBalance(
  { address: WRAPPER, account: userAddress },
  { enabled: hasPermit === true }   // bigint — only for you
)

// Unwrap — real two-phase flow
const { mutate: unshield } = useUnshield(WRAPPER)
unshield({
  amount,
  onUnwrapSubmitted:   (tx) => console.log('Phase 1:', tx),
  onFinalizeSubmitted: (tx) => console.log('Phase 2:', tx),
})
Full Developer Kit →Browse Registry

Ready?

Wrap your first confidential token

Open Guided Demo →

No mainnet. Sepolia testnet only. Connect MetaMask to begin.