ZFUN TOKEN
Airdrop
Claim your z.fun tokens with complete privacy
Overview
The z.fun airdrop distributes tokens to Zcash users who can prove ownership of assets at the canonical snapshot (height 3,118,950). Using the SP1 zkVM, your browser generates a witness from your wallet, verifies it locally, and requests a Groth16 proof. Public outputs include only a rounded balance and hash lists used for replay protection.
The witness is produced fully client-side via WebAssembly from a read-only light-wallet database. It contains Merkle inclusion proofs for Sapling/Orchard commitments, alternate nullifier exclusion proofs, and transparent shielding validations. The serialized witness is sent to a prover service that brokers the SP1 proof and enforces duplicate protection.
Snapshot Details
The airdrop is based on a Zcash blockchain snapshot taken at:
Eligibility
Any Zcash user with provable holdings at the snapshot height can participate:
- Holders of Sapling shielded notes (zs addresses)
- Holders of Orchard shielded notes
- Transparent UTXOs that were shielded after the snapshot (validated per-input)
- Users with UFVKs sufficient to reconstruct notes and addresses
How to Claim
- Export Wallet Database
Export your Zcash wallet database file (usually wallet.dat or data.db) from your Zcash wallet software. This contains your encrypted transaction history and viewing keys.
- Upload & Generate Witness
Upload your database to the webapp. The WASM module processes it entirely in your browser, creating a `HoldingsWitness` with Merkle paths and exclusion proofs. Your database never leaves your machine.
- Submit to SP1 Prover
The witness is serialized to an SP1 stdin buffer and uploaded to a presigned URL. The prover service enqueues a proof request to the SP1 Reserved network and later verifies the returned proof before releasing it.
- Claim Airdrop
Once the proof is verified, your allocation can be recorded and later claimed on-chain. The public outputs expose only a rounded total and hash lists; exact note balances remain private.
Technical Details
The airdrop proof generation process:
FAQs
ZFUN is an experimental token leveraging zero knowledge proofs to airdrop tokens to ZEC holders. There is no planned utility for the token.
In order to claim the airdrop, holders must generate a zero knowledge proof of their holdings. This proof is then submitted onchain to the Solana smart contract which verifies it and stores the registered airdrop amount. Upon the token launch, recipients can then call the "Receive" function on the smart contract to receive their airdropped tokens.
The zero knowledge proof proves that the holder has a certain amount of ZEC holdings. It does not connect the holder's Solana address to their shielded holdings or the source of their shielded holdings. However, the public commitment does contain hashes of transparent UTXOs.
No. There are several layers of protection towards maintaining privacy of your shielded transactions.
The private data that is exported from your wallet and used to prove your airdrop holdings is read-only. It does not have the secrets necessary to spend tokens, only the viewing keys which allow read-only access to your wallet.
The private data is then processed on your computer in the frontend, using Javascript and WebAssembly code that is fully open source. You can view this code here, verify its correctness, and run it locally if you wish.
The frontend creates a proof input which is sent securely using zkTLS directly to a TEE prover, powered by Succinct SP1 Private Proving + Phala Dstack. Because it is encrypted, only the verifiable prover running in the TEE can decrypt the data and use it to generate an SP1 proof. More info is available here.
The prover generates a zero knowledge proof declaring that your Solana address should receive a verified number of tokens. It also includes unique identifiers used to prevent repeat claims for the same holdings. These identifiers are unique to your holdings but cannot be linked back to your shielded notes, meaning your Solana address is not linked back to your shielded holdings.
Z.fun's servers have the proof ID corresponding to your proof input which makes it possible to track the status of your proof and download the result from the TEE prover. It does not enable access the shielded input data.
If you wish, you can run the open source Rust proving tool locally which runs the entire witness generation and proving flow locally, meaning that all of your read-only wallet data never leaves your computer. The local tool generates a proof for the exact same verifier program as this interface.
Yes! All of the code for ZFUN is open source and publicly available on GitHub. This includes the frontend web application, the Rust proving tool, and all related infrastructure. You can audit the code, verify its correctness, and even contribute improvements.
The open source nature of the project ensures transparency and allows anyone to verify that the system operates as claimed without compromising user privacy.
z.fun benefits Zcash ecosystem because it is a free airdrop for holders, and because it promotes using shielded balance in Zcash. Holders with transparent balance must shield their ZEC in order to claim the airdrop. By increasing the number of shielded tokens, the Zcash anonymity set becomes more private for all.