Product · Vesting

Confidential vesting on FHEVM

Per-user manager clones hold encrypted token balances. Schedules live on chain in plaintext (start, end, cliff, interval) while amounts stay opaque to everyone except the operator and the recipient — by ACL grant, not by trust.

Where to start

Interactive · 8 min

Walkthrough

Aria vests her CTO Mira on Sepolia. Four chapters, four real txs. Wallet signs, blocks mine, ACL grants land.

Open

5 flows

Operator flows

Deploy, open, claim, disclose, transfer. Each flow lists the hooks that ship it and the chapter that demos it.

Open

79 hooks

Hooks reference

Nearly every public method on the factory + manager clients ships as a React hook. Browse the catalog or jump to a leaf.

Open

The shape of confidential vesting

One manager per operator

Aria's wallet calls the factory's createManager once. The factory deploys a LibClone with CREATE2 — the clone address is deterministic, the clone is owned by Aria, and every vesting she opens from now on lives inside it. The plaintext (schedule shape, role grants) is on chain; the amounts are encrypted handles.

Vesting = encrypted handle + plaintext schedule

createVesting takes a recipient, a {start, end, cliff, interval}, and an amount. The amount is encrypted client-side via the Zama RelayerWeb before it ever leaves the SDK. The contract stores the ciphertext and grants ACL to the operator + recipient. Anyone else sees a 32-byte handle, nothing more.

Claim picks the right fee branch

Manager clones charge either gas-side or token-side fees. ClaimArgs is a discriminated union by FeeType. Resolve the manager's config once with useManagerFeeInfo, then pass the matching variant — useClaim picks the right argument shape at compile time.

ACL is append-only, on demand

Adding a tax authority or auditor as a viewer doesn't unlock the funds — it just adds their address to the handle's ACL list. SDK hooks like useDiscloseToParty + useBatchDiscloseHandlesToParty cover the common patterns.

Reference

The lookup layer. Every exported type, error class, role, event, and ABI lives in a dedicated table — copy-paste-ready, no MDX prose between you and the import.

Clients

Vanilla TS clients for non-React consumers (Node, workers, tests).

Types

Branded ids, encrypted shapes, args, fee discriminants.

Errors

Typed error classes you can catch by reference.

Events

On-chain events the indexer + UI should listen for.

Roles

Role constants, what each gates, how to grant.

ABIs

Raw ABI exports — drop into wagmi useContractRead.