Skip to main content

Claimable Transfers (Gifts)

Send shielded funds to an Ethereum wallet address that has not registered with Privacy Boost yet, and reclaim the funds if they go unclaimed. See Claimable Transfers for the concept and trust model.
Preview feature — pending external audit, and enabled per deployment. All commands below require an authenticated session (run privacy-boost login first, or pass --private-key).

Funding a gift

When you know the recipient’s wallet but they have not joined Privacy Boost, use gift-fund-to-wallet. The refund block is a height after which you can reclaim an unclaimed gift; the allowed range is advertised from the server’s /info.
privacy-boost gift-fund-to-wallet \
  --token 0x4200000000000000000000000000000000000006 \
  --amount 1.0 \
  --human \
  --recipient-wallet 0xRecipientEoaAddress \
  --refund-after-block 12395678 \
  --current-block 12345678
Output:
Gift funded!
Transaction: 0x1234...5678
Claim link:  pbgift:v1:eyJ...
Refundable after block: 12395678
Share the claim link with the recipient out of band. Treat it like a password — it reveals the amount and recipient to anyone who reads it. If the recipient is already a Privacy Boost user, include their privacy address with gift-fund so the ciphertext is sealed to their viewing key:
privacy-boost gift-fund \
  --token 0x4200000000000000000000000000000000000006 \
  --amount 1.0 \
  --human \
  --recipient 0x04...recipient-privacy-address \
  --recipient-wallet 0xRecipientEoaAddress \
  --refund-after-block 12395678 \
  --current-block 12345678

Funding parameters

FlagRequiredDescription
--tokenYesERC-20 token contract address
--amountYesAmount (wei, or decimal with --human)
--recipientgift-fund onlyRecipient’s 194-char privacy address
--recipient-walletYesRecipient’s Ethereum address the gift binds to
--refund-after-blockYesBlock height after which you may reclaim
--current-blockYesCurrent chain head (pre-validates the refund delay)
--humanNoInterpret --amount as decimal
--yesNoSkip the recipient-wallet confirmation prompt
The gift binds irrevocably to --recipient-wallet. The CLI shows the checksummed address and asks you to confirm; a wrong-but-valid address can be claimed by whoever owns it, and only an unclaimed gift is refundable.

Claiming a gift

List the pending gifts addressed to your wallet:
privacy-boost gift-list
Output:
Pending gifts:
  [0] tokenId=1  amount=1000000000000000000  refundAfterBlock=12395678
Claim one by its index in that list. --acknowledge-unknown-sender is required — the hidden-sender model cannot reveal who funded the gift, so you explicitly accept funds from an unknown sender:
privacy-boost gift-claim --index 0 --acknowledge-unknown-sender
Or claim straight from a claim link, without listing first:
privacy-boost gift-claim-from-link \
  --link pbgift:v1:eyJ... \
  --acknowledge-unknown-sender

Refunding an unclaimed gift

A claim and a refund spend the same nullifier, so only one can settle. After the refund deadline, reclaim using the saved record’s index in your local gift ledger (persisted in your session file, in the order you funded them):
privacy-boost gift-refund-by-record --index 0
If you no longer have the local record, refund by supplying every field manually:
privacy-boost gift-refund \
  --recipient-wallet 0xRecipientEoaAddress \
  --blind 0x... \
  --refund-after-block 12395678 \
  --token-id 1 \
  --amount 1.0 --human \
  --tree-number 0 \
  --leaf-index 42
Decode and decrypt a claim link into a preview, with no network call:
privacy-boost gift-decode-link --link pbgift:v1:eyJ...

Notes

  • The secret-bearer funding mode is intentionally not exposed in the CLI; it is experimental and a bearer instrument. See the concept page.
  • Keep your session file — it stores the gift records that make your unclaimed gifts refundable.

Next steps