← Hypotenuse Labs

PrismProtocol · TINT (via Hypotenuse Labs)

Privacy-preserving on-chain advertising

A two-sided Web3 ad network on Berachain that targets users by on-chain activity without exposing their wallet data — matching and sealed auctions run inside a Trusted Execution Environment, settled on-chain.

x.com/PrismFHE ↗

Context

TINT is the first product on Prism Protocol — a Web3 ad network for the Berachain ecosystem. High-traffic infra and community sites (publishers; e.g. the Beratrail explorer, BGT Station) monetize visits by serving banner ads, while dApps (advertisers) acquire users by targeting on-chain interests. The differentiator is privacy: targeting is computed without revealing a visitor’s holdings or net worth to advertisers. I led the engineering team and architected the platform end to end.

How it works

When a visitor loads a publisher page, a sealed auction runs among autonomous agents — one per advertiser campaign. Each campaign defines conditions over the visitor’s on-chain profile (uses protocol X, holds ≥ N $HONEY, estimated net worth, owns NFT) with a max bid; the highest matching bid wins, its IPFS banner is served, and it pays the publisher. Profiles are scored inside the enclave, so raw wallet data never reaches advertisers.

End-to-end auction and on-chain settlement

On-chain settlement — PrismAccounting.sol

Settlement is trustless and batched. Campaign budgets escrow in PrismAccounting (Solidity ^0.8.26, OpenZeppelin Ownable · AccessControl · Pausable · SafeERC20), denominated in the $HONEY ERC-20.

  • Advertisers fund campaigns keyed by a bytes32 identifier; remaining budget is refundable on cancel.
  • The off-chain auction engine holds a dedicated DEBITOR_ROLE and submits results via batchAuctionSettlement(auctions[]) — one transaction debits many campaign budgets and credits the winning publishers.
  • Each settlement credits settlementPrice × publisherShareBps / 10_000 to a whitelisted publisher’s accrued balance; publishers later pull funds (min 0.01 $HONEY) — minimizing transactions.
  • Separation of duties via roles — DEBITOR_ROLE, PAUSER_ROLE, EMERGENCY_ADMIN — plus pausability and emergency withdrawal.

Deployed on Berachain (Bartio): 0x82ff…767B ↗

Privacy core — TEE + zero-knowledge

The visitor’s on-chain profile is fetched and scored inside an AWS Nitro Enclave. A Rust vsock proxy mediates all enclave I/O; sensitive data is pulled over TLS terminated in enclave memory, encrypted there, and only re-decryptable by an enclave that presents a cryptographic attestation matching a predefined AWS KMS policy — so neither the host nor advertisers can read it. A periodic job caches encrypted activity to serve returning visitors faster. Auction computations are backed by zero-knowledge proofs (RISC Zero, Succinct SP1) for verifiable execution.

Integration surface

Publishers drop in the TypeScript SDK (prism-sdk, incl. a React hook with wallet detection and JWT-gated impression/click tracking). A NestJS API aggregates on-chain data (DeBank, Moralis) to build interest profiles, and a Next.js portal lets advertisers configure, fund, and track campaigns.

Stack & integrations

  • TypeScript
  • NestJS
  • Next.js
  • Solidity ^0.8.26
  • Hardhat
  • OpenZeppelin (AccessControl, Pausable, SafeERC20)
  • Berachain ($HONEY ERC-20)
  • AWS Nitro Enclaves (TEE)
  • AWS KMS attestation
  • Rust (vsock proxy)
  • RISC Zero
  • Succinct SP1
  • DeBank
  • Moralis
  • IPFS

My contribution

Led the engineering team and architected the platform end to end — the TEE auction service (Nitro Enclave parent server, Rust vsock proxy, attestation/KMS-gated decryption), the Solidity accounting contracts, the zero-knowledge verification, the prism-sdk, the NestJS API + data aggregation, and the Next.js advertiser portal. Closed the incubation phase with a $200k BuildaBera grant and launched into closed beta in the Berachain ecosystem.