Claimable Transfers (Gifts)
Send shielded funds to an Ethereum wallet address that has not registered with
Privacy Boost yet, and reclaim the funds if they go unclaimed. See
Claimable Transfers for the concept and
trust model.
Preview feature — pending external audit, and enabled per deployment. All
commands below require an authenticated session (run privacy-boost login
first, or pass --private-key).
Funding a gift
When you know the recipient’s wallet but they have not joined Privacy Boost, use
gift-fund-to-wallet. The refund block is a height after which you can reclaim an
unclaimed gift; the allowed range is advertised from the server’s /info.
privacy-boost gift-fund-to-wallet \
--token 0x4200000000000000000000000000000000000006 \
--amount 1.0 \
--human \
--recipient-wallet 0xRecipientEoaAddress \
--refund-after-block 12395678 \
--current-block 12345678
Output:
Gift funded!
Transaction: 0x1234...5678
Claim link: pbgift:v1:eyJ...
Refundable after block: 12395678
Share the claim link with the recipient out of band. Treat it like a
password — it reveals the amount and recipient to anyone who reads it.
If the recipient is already a Privacy Boost user, include their privacy address
with gift-fund so the ciphertext is sealed to their viewing key:
privacy-boost gift-fund \
--token 0x4200000000000000000000000000000000000006 \
--amount 1.0 \
--human \
--recipient 0x04...recipient-privacy-address \
--recipient-wallet 0xRecipientEoaAddress \
--refund-after-block 12395678 \
--current-block 12345678
Funding parameters
| Flag | Required | Description |
|---|
--token | Yes | ERC-20 token contract address |
--amount | Yes | Amount (wei, or decimal with --human) |
--recipient | gift-fund only | Recipient’s 194-char privacy address |
--recipient-wallet | Yes | Recipient’s Ethereum address the gift binds to |
--refund-after-block | Yes | Block height after which you may reclaim |
--current-block | Yes | Current chain head (pre-validates the refund delay) |
--human | No | Interpret --amount as decimal |
--yes | No | Skip the recipient-wallet confirmation prompt |
The gift binds irrevocably to --recipient-wallet. The CLI shows the
checksummed address and asks you to confirm; a wrong-but-valid address can be
claimed by whoever owns it, and only an unclaimed gift is refundable.
Claiming a gift
List the pending gifts addressed to your wallet:
Output:
Pending gifts:
[0] tokenId=1 amount=1000000000000000000 refundAfterBlock=12395678
Claim one by its index in that list. --acknowledge-unknown-sender is required —
the hidden-sender model cannot reveal who funded the gift, so you explicitly
accept funds from an unknown sender:
privacy-boost gift-claim --index 0 --acknowledge-unknown-sender
Or claim straight from a claim link, without listing first:
privacy-boost gift-claim-from-link \
--link pbgift:v1:eyJ... \
--acknowledge-unknown-sender
Refunding an unclaimed gift
A claim and a refund spend the same nullifier, so only one can settle. After the
refund deadline, reclaim using the saved record’s index in your local gift ledger
(persisted in your session file, in the order you funded them):
privacy-boost gift-refund-by-record --index 0
If you no longer have the local record, refund by supplying every field manually:
privacy-boost gift-refund \
--recipient-wallet 0xRecipientEoaAddress \
--blind 0x... \
--refund-after-block 12395678 \
--token-id 1 \
--amount 1.0 --human \
--tree-number 0 \
--leaf-index 42
Previewing a claim link offline
Decode and decrypt a claim link into a preview, with no network call:
privacy-boost gift-decode-link --link pbgift:v1:eyJ...
Notes
- The secret-bearer funding mode is intentionally not exposed in the CLI; it
is experimental and a bearer instrument. See the
concept page.
- Keep your session file — it stores the gift
records that make your unclaimed gifts refundable.
Next steps