🏆 Akindo "Private By Design" dApp Buildathon — Wave 4 Submission
Track: RWA & Compliance · DeFi & Lending · Privacy Infrastructure
FheForge brings fully homomorphic encryption (FHE) to DeFi, letting you build, manage, and automate encrypted financial strategies — without exposing your positions to the world. Supply, borrow, swap, and liquidate with amounts that stay encrypted on-chain. Only you control who can decrypt and verify your position.
🔗 Live app: ui-chi-ashy.vercel.app
🔗 API: fheforge-api-production.up.railway.app
🔗 Source: github.com/symulacr/FheForge
🔗 Release: v1.2.0 — Buildathon submission
[Screenshots pending — record with Loom/OBS at 1440×900 per the demo script in
docs/demo-video-script.md]
Try the live demo — no install required:
- Open ui-chi-ashy.vercel.app with MetaMask on Arbitrum Sepolia
- Connect your wallet and deposit collateral (faucet tokens available)
- Build a strategy using the visual ReactFlow canvas or describe it to the AI
- Deploy and watch your encrypted position execute
To run locally:
```bash
git clone https://github.com/symulacr/FheForge.git
cd FheForge/contracts && npm install && node scripts/test-hardened.js
cd ../ui && bun install && bun dev
cd ../backend/apps && bun install && bun start:dev
```
Today's DeFi is a glass house. Every position, swap, and liquidation is public on-chain. Anyone can see:
- Your wallet balance and all your trades — no privacy, no discretion
- Your liquidation risk in real time — bots front-run your healthy positions
- Your strategy's every move — MEV searchers extract value from your transactions
This isn't just an inconvenience. It's a structural barrier to institutional adoption. Funds, banks, and regulated entities cannot operate with full public visibility.
Fully Homomorphic Encryption (FHE) lets smart contracts compute on encrypted data without ever decrypting it. Users deposit encrypted amounts; the contract runs supply, borrow, and swap logic on ciphertexts; only the user can reveal their own position.
| Problem | ZK | MPC | TEE | FHE (FheForge) |
|---|---|---|---|---|
| Private input to contract | ✓ (proof) | ✓ (multi-party) | ✓ (hardware) | ✓ (direct) |
| On-chain compute on private data | ✗ | ✗ | ✓ (trusted hw) | ✓ (native) |
| No trusted setup or hardware | ✓ | ✓ | ✗ | ✓ |
| Selective disclosure | ✓ | ✓ | ✓ | ✓ (signed permit) |
| Composability with existing DeFi | Partial | Partial | Partial | ✓ (CoFHE) |
| No latency overhead | ✗ (off-chain) | ✗ (rounds) | ✓ | ∼ (CoFHE ~1 block) |
FHE is the only technology that allows private, on-chain computation without trusted hardware, trusted parties, or moving execution off-chain.
This project is submitted to the Akindo "Private By Design" dApp Buildathon (Wave 4):
| Field | Value |
|---|---|
| Project Name | FheForge |
| Track | RWA & Compliance · DeFi & Lending · Privacy Infrastructure |
| Category | DeFi, RWA Tokenization, Privacy Infrastructure |
| Tags | FHE, CoFHE, Fhenix, Encrypted-DeFi, Privacy, RWA, Lending, Liquidations, Strategy-Vault |
| Demo URL | ui-chi-ashy.vercel.app |
| Repo | github.com/symulacr/FheForge |
- Live App — Connect wallet on Arbitrum Sepolia and try it
- Deployed Contracts — Verified on Arbiscan
- Architecture — End-to-end system design
- Test Results — 102 passing tests (Forge + Hardhat)
- Known Issues — Transparency on limitations
- Demo Video — Walkthrough
FheForge is purpose-built for Track 1: RWA & Compliance. Here's how encrypted DeFi unlocks real-world asset markets:
- Private credit scores — Borrow against RWA collateral without publishing your creditworthiness to the world
- Confidential RWA ownership — Tokenized real estate, private credit, and invoice financing remain private
- Selective auditor disclosure — Reveal position details to regulators or auditors only via signed permits
- Encrypted strategy automation — Auto-manage RWA portfolios (rebalance, roll, harvest) without exposing positions
Example: A real estate tokenization fund manages 1,000+ investor positions. Using FheForge, each investor's holdings, yield, and liquidation risk are encrypted. The fund can still compute total collateral and manage liquidations — but no one sees individual positions except the owner.
```mermaid
graph TB
    subgraph "USER"
        BROWSER["Browser / Wallet<br/>(MetaMask, Rabby)"]
    end
    subgraph "UI — Next.js 14"
        WAGMI["Wagmi + Viem<br/>Wallet + Chain"]
        COFHE["@cofhe/react SDK<br/>Encrypt/Decrypt"]
        BUILDER["ReactFlow<br/>Strategy Canvas"]
        NEXT["Next.js App Router"]
    end
    subgraph "BACKEND — NestJS"
        API["REST API"]
        AI["Gemini AI Builder"]
        STRAT["Simulation Engine"]
        SUPA["Supabase / PostgreSQL"]
    end
    subgraph "BLOCKCHAIN — Arbitrum Sepolia"
        COMPOSER["FheForgeComposer"]
        VAULT["StrategyVault"]
        LENDING["LendingPool"]
        SWAP["SwapRouter"]
        ORACLE["PriceOracle"]
        REG["StrategyRegistry"]
    end
    BROWSER --> NEXT
    BROWSER --> WAGMI
    WAGMI --> COFHE
    NEXT --> BUILDER
    NEXT --> API
    API --> AI
    API --> STRAT
    API --> SUPA
    WAGMI --> COMPOSER
    WAGMI --> VAULT
    WAGMI --> LENDING
    WAGMI --> SWAP
    COFHE --> COMPOSER
    COMPOSER --> VAULT
    COMPOSER --> LENDING
    COMPOSER --> SWAP
    COMPOSER --> ORACLE
```
Data flow: User builds a strategy in ReactFlow → Backend parses and simulates it → User confirms → Frontend calls FheForgeComposer → Composer orchestrates Vault/LendingPool/SwapRouter with encrypted amounts.
Infrastructure: Grafana + Prometheus (planned for production deployment).
| Contract | Address |
|---|---|
| StrategyVault | 0x75c7D581d9c408B93Bf6FB43aF3ECbe6FF5EEB1A |
| LendingPool | 0x4F0508ca71a5Dae2C49FD9307a507f74DE90DD72 |
| SwapRouter | 0x56d08512c95562Ea3F70Bc16E0a0379E3632221B |
| StrategyRegistry | 0x4e0414204972C9127E7eef2aeA5493e6E4D44914 |
| PriceOracle | 0xfA7B1f68c66AEf1BDC0981465ee5E29E456Da12C |
| FheForgeComposer | 0x9892D8CaEB4a2ab4Dba10126a2f49D2aD5807b2C |
| ExecutorContract | 0x133Fd65cB314f7FD6de1A6c9b5ad41324e231aD9 |
| TokenRegistry | 0x70F4EF1606dEa8d504C136166A20d079ffb33eDA |
| StrategyExecutor | 0xf7C9f931CAC1658e60003eFbbE840d74e312529c |
| WETH (mock) | 0x84BddCAfaccbBDBc0e3F1CAcCDd352EBf5e40A32 |
| USDC (mock) | 0x150376EdEbc5AC48771655a61a795d828BeC8Df6 |
- StrategyVault — Open, add to, and close positions with encrypted `euint128` collateral
- LendingPool — Supply, borrow, repay, withdraw — all amounts encrypted
- Smart liquidations — Liquidate undercollateralized positions, borrow with oracle price checks
- SwapRouter — Intent-based AMM with encrypted `amountIn/minOut`
- StrategyRegistry — Register and discover strategies with encrypted TVL tracking
- DeFi Builder — Visual ReactFlow canvas to compose strategies (SWAP → SUPPLY → BORROW)
- AI Strategy Generator — Describe your goal in plain English; Gemini produces a structured strategy
- Event Indexing — Real-time on-chain event monitoring for Vault and Pool
- Wallet — wagmi v2 + CoFHE SDK, Arbitrum Sepolia, MetaMask
- Amounts → `euint128` via CoFHE/Fhenix runtime
- ZkVerifier rejects unsigned input — no dummy ciphertexts
- `decryptForView` requires a signed permit — only you can read your own position
- Cross-user isolation verified: user B cannot decrypt user A's ciphertext handles
Presenter A (User with encrypted position):
"I have USDC I want to use as collateral in DeFi — but I don't want the world to see my positions, my liquidation risk, or my trading strategy. With FheForge, I encrypt my deposit client-side using CoFHE. The contract only sees ciphertext. I can supply, borrow, and swap — all with encrypted amounts."
Presenter B (Demonstrating privacy):
"Now, let's verify privacy is real. Here's my encrypted position in the dashboard — the UI shows zero plaintext balances. Here's the block explorer — you can see the transaction but the amounts are garble. And here's the permit system: I can generate a signed cryptographic permit that lets a specific address (like an auditor or liquidator) decrypt just this one position — nothing else."
Presenter A (Showing the Builder):
"This is the DeFi Builder — a visual ReactFlow canvas. I drag a SWAP node, connect it to a SUPPLY node, describe the strategy to the AI in plain English, and deploy it. The backend simulates the strategy first, then the Composer contract orchestrates Vault → SwapRouter → LendingPool in a single atomic transaction."
```
forge    90 PASS | 0 FAIL
hardhat  12 PASS | 0 FAIL
brutal   T1–T12 live breaker (all pass)
```
Run full suite: node contracts/scripts/test-hardened.js · node contracts/scripts/test-sharp.js
| Severity | Issue | Status |
|---|---|---|
| MED | Dual plain+encrypted input skew — functions accept both a plaintext amount and an encrypted InEuint128 encAmount. While _verifyEquality checks FHE.eq(incoming, claimedPlain), this verification itself operates on the same plaintext provided by the caller. A malicious caller could provide a valid plaintext for the equality check while the real encrypted value differs — the on-chain equality check is consistent within the transaction but does not prove that the user's intent matches the plaintext. Full trustless enforcement requires a CoFHE ZK proof of equality linking the two inputs, planned for post-MVP. Mitigation: the encrypted value is what persists in state, so any skew only affects the current transaction's plaintext flow. | Known — documented in @dev |
| LOW | 2 solhint warnings (struct packing). Cosmetic only. | Deferred |
| INFO | Webpack build warnings (ox/viem dynamic imports, circular dependencies). Third-party — does not affect functionality. | Monitored — library updates |
Additional protocol-level limitations are tracked internally and will be addressed in future waves.
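The MED row above concerns functions that take both a plaintext amount and an encrypted `InEuint128 encAmount`. The sketch below is an added example, not FheForge's code: the `DualInputSketch` contract, its storage and its `supply` function are hypothetical, and it assumes the CoFHE `FHE` library calls shown. It illustrates that `FHE.eq` yields an encrypted `ebool` that cannot drive a `require`, and one way to fold that result into the credited value with `FHE.select` so a mismatch never reaches state on a deposit.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;

import "@fhenixprotocol/cofhe-contracts/FHE.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

/// @notice Hypothetical pool written for this example; not a FheForge contract.
contract DualInputSketch {
    IERC20 public immutable token;
    mapping(address => euint128) private encBalance;

    constructor(IERC20 token_) {
        token = token_;
    }

    /// @param amount    plaintext amount, moved as a public ERC-20 transfer
    /// @param encAmount client-encrypted amount that is credited in state
    function supply(uint256 amount, InEuint128 calldata encAmount) external {
        // Plaintext leg: visible on-chain and checked by the token itself.
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");

        // Encrypted leg: the contract only ever holds a ciphertext handle.
        euint128 incoming = FHE.asEuint128(encAmount);

        // The comparison result is an encrypted ebool. The contract cannot
        // read it inside this transaction, so it cannot feed a require().
        ebool matches = FHE.eq(incoming, FHE.asEuint128(amount));

        // Fold the check into the data instead: a caller whose two inputs
        // differ is credited an encrypted zero rather than `incoming`.
        euint128 credited = FHE.select(matches, incoming, FHE.asEuint128(0));

        euint128 updated = FHE.add(encBalance[msg.sender], credited);
        encBalance[msg.sender] = updated;

        // ACL: the contract can reuse the new handle, the owner can unseal it.
        FHE.allowThis(updated);
        FHE.allowSender(updated);
    }
}
```

This covers the deposit direction only. Where the plaintext amount leaves the contract, the transfer happens regardless of the encrypted comparison, which is the case the equality proof named in the table is meant to close.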
| Severity | Issue | Resolution |
|---|---|---|
| HIGH | LendingPool.borrow() — no collateral check | Resolved — only checkLtvAndBorrow + borrowWithOracle exist, both guarded |
| HIGH | StrategyVault.positionStrategyIds never written | Fixed (Wave 5) |
| LOW | Router.executor EOA | Fixed — ExecutorContract deployed (Wave 6) |
| LOW | 96 solhint prettier warnings | Fixed — prettier format applied, 0 errors, 2 cosmetic warnings remain |
| HIGH | StrategyVault.closePosition() — no ownership check | Fixed (v1.1.0) — added positionOwner mapping |
| MEDIUM | PriceOracle.updatePriceFeeds() — broken address loop | Fixed (v1.1.0) — registeredTokens array |
| LOW | StrategyRegistry.broadcastStrategy() — off-by-one boundary check | Fixed (v1.1.0) |
| LOW | LendingPool.liquidateWithProof() — self-liquidation guard missing | Fixed (v1.1.0) |
| MEDIUM | SwapRouter deploy.ts missing 5th constructor arg | Fixed (v1.1.0) |
| HIGH | Duplicate interface files (IStrategyVault, ISwapRouter) | Fixed (v1.1.0) — consolidated |
| MEDIUM | hardhat.config.ts reads TESTER_PRIVATE_KEY (singular) | Fixed (v1.1.0) — TESTER1+TESTER2 |
| MEDIUM | 15 stale deployment artifacts + conflicting .solhint.js | Fixed (v1.1.0) |
| MEDIUM | Frontend 3 ABI mismatches (openPosition, borrowWithOracle, getPlainBalance) | Fixed (v1.1.0) |
| LOW | Dead code (InterestIndex, RESERVE_FACTOR_BPS, BalanceRevealed, Position.debt) | Fixed (v1.1.0) |
| MEDIUM | TokenRegistry triple copy-paste | Fixed (v1.1.0) |
| MEDIUM | Missing natspec on public functions | Fixed (v1.1.0) |
| MEDIUM | FheForgeTestHelper fragile storage copy | Fixed (v1.1.0) |
| HIGH | ZK verifier mock absent (liquidateWithProof untested) | Fixed (v1.1.0) |
| MEDIUM | Mock ACL boilerplate (impersonation) | Fixed (v1.1.0) — shared helper |
| LOW | Scripts env var names mismatch | Fixed (v1.1.0) |
| Layer | Technology |
|---|---|
| Smart Contracts | Solidity 0.8.28, CoFHE SDK, OpenZeppelin, Hardhat + Foundry |
| Frontend | Next.js 14, React 18, wagmi v2, viem, @cofhe/react, ReactFlow, Tailwind CSS, shadcn/ui, TanStack Query, Zustand |
| Backend | NestJS 11, Supabase (PostgreSQL), @nestjs/swagger, Google Gemini AI |
| Blockchain | Arbitrum Sepolia (CoFHE TaskManager) |
| Deployment | Vercel (frontend), Railway (API) |
| Name | Role | GitHub |
|---|---|---|
| symulacr | Smart Contracts, Backend, Frontend, Infrastructure | @symulacr |
```bash
# Run each step from the repository root.
# 1. Contracts
cd contracts && npm install && node scripts/test-hardened.js
# 2. Frontend
cd ui && bun install && bun dev
# 3. Backend
cd backend/apps && bun install && bun start:dev
```
Copy ui/.env.example → ui/.env.local and backend/apps/.env.development.example → backend/apps/.env.development. Fill in API keys.
If FheForge demonstrates that private DeFi is possible today, give us a star on GitHub — it helps buildathon judges see the community values this work!
Built with ❤️ for the Akindo "Private By Design" dApp Buildathon
Privacy isn't a feature. It's the foundation.