Skip to content

web3spida/cipherlend

BranchesTags

Repository files navigation

CipherLend

CipherLend is a privacy-preserving institutional credit prototype built with CoFHE. Borrowers encrypt financial inputs in the browser, contracts compute encrypted underwriting signals, and loan requests are gated by CoFHE decrypt-for-transaction proofs instead of direct plaintext reveals.

Production Shape

  • Frontend: React, Vite, RainbowKit, wagmi, @cofhe/sdk/web.
  • API: Express, TypeScript, Ethers v6, @cofhe/sdk/node.
  • Contracts: Solidity, Hardhat, @fhenixprotocol/cofhe-contracts.
  • Deployment: Render Blueprint with a static frontend service and Node API service.

Core Documentation

Local Requirements

  • Node.js 22.17.0 or newer
  • npm 10 or newer
  • A .env file based on .env.example

Install

npm install

Development

Frontend:

npm run dev

Backend:

npm run dev:backend

Contract compile and tests:

npm run compile
npm run test

Typecheck:

npm run typecheck

Production Build

Build frontend:

npm run build:web

Build backend:

npm run build:backend

Full production verification:

npm run build:production

Start compiled API:

npm run start:backend

API Health

GET /health
GET /ready

/health is a process liveness check. /ready verifies production configuration and RPC connectivity.

Render Deployment

The repository includes render.yaml.

Deploy order:

  1. Deploy contracts to Sepolia, Arbitrum Sepolia, or Base Sepolia.
  2. Set API service environment variables in Render.
  3. Deploy cipherlend-api.
  4. Confirm /health and /ready.
  5. Set static site VITE_* environment variables.
  6. Deploy cipherlend-web.
  7. Add the final web origin to API ALLOWED_ORIGINS.

See docs/RENDER_DEPLOYMENT.md for the full runbook.

Supported CoFHE Networks

  • sepolia
  • arbSepolia
  • baseSepolia
  • hardhat / localcofhe for local development

Important Production Caveats

  • Do not reuse admin wallets as the API signer.
  • Do not deploy with zero contract addresses.
  • Do not expose raw borrower financial values to the API in production flows.
  • Reineira / Privara has an optional SDK-backed API boundary for status, balances, and plain escrow creation. Full protocol settlement rollout still requires deployed Reineira addresses, resolver design, and live operator validation.
  • Current dependency audit findings require a separate security triage before handling real funds.

About

A permissionless credit market where borrowers prove creditworthiness without exposing their book, lenders price risk without seeing raw financials, and auditors verify compliance without full disclosure.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages