CORE CONCEPTS

The privacy model

PolyShield's privacy comes from a shared anonymity set, not from hiding that you use it. Understanding what that set is — and isn't — is the most important concept here.

Three people deposit from three wallets. Every bet they authorize is placed by the vault's single Polymarket account, so an on-chain observer sees one trader — never which depositor is behind a given bet.

One account, many authors

The vault holds exactly one Polymarket signing account (an EOA). When you authorize a bet, the signing layer places it from that account. So does everyone else's. On-chain there is a single stream of orders from one trader, and no field anywhere says which depositor stands behind each one.

Your privacy is therefore relative to the crowd. With three depositors, an observer knows your bet is one of three. With three thousand active depositors, it's one of three thousand. The set grows as the vault is used — this is the same anonymity-set principle behind every serious privacy protocol.

The deposit is the deliberate leak

PolyShield does not try to hide that a wallet deposited, or how much. That's an ordinary token transfer and faking it would mean lying about money the contract custodies. Instead, the design ensures the deposit reveals nothing about your future bets — the link from deposit to bet is what the zero-knowledge machinery severs.

The one client rule

All spend transactions must be submitted by the relay, never your own wallet. If you called a spend function directly, your wallet would appear as the transaction sender and de-anonymize that action. The frontend always routes through the relay — this is the single discipline the privacy model depends on at the client.