HushBid Protocol

HushBid is a sealed-bid auction protocol where bids are encrypted and settled inside Chainlink CRE. Nobody sees the bids.

Privacy CRE & AI Risk & Compliance World Tenderly

What it is

HushBid Protocol is a sealed-bid auction protocol for on-chain assets. Bids are encrypted, committed on-chain as hashes, and only decrypted inside a Chainlink CRE Trusted Execution Environment when it's time to settle. Nobody, not the seller, not other bidders, not even the platform, can see bid amounts until the DON determines the winner.

The problem it solves
On-chain auctions today are broken because every bid is publicly visible. This causes front-running, bid sniping, and strategic manipulation. Bidders don't bid what they think an asset is worth; they react to what others bid. True price discovery never happens.
HushBid fixes this by bringing sealed envelopes to the blockchain. Bidders encrypt their bid with the DON's public key, deposit payment through the Convergence Privacy Vault (so even deposit amounts can't be correlated), and commit only a hash on-chain. When bidding ends, the CRE workflow fetches encrypted bids from IPFS inside the TEE, decrypts them, normalizes multi-token bids to USD using Chainlink Data Feeds, picks the winner, and submits a DON-signed settlement transaction. The whole process is trustless: no single party ever sees the raw bid data.
Other features include World ID sybil resistance (one-person-one-bid), multi-token bidding, shielded addresses for anonymous asset delivery, and an AI agent that autonomously monitors auctions and triggers CRE settlement.
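
An added example, not HushBid's own code: the settlement step described above (check each decrypted bid against the hash its bidder committed on-chain, normalize to USD, pick the highest) sketched in Python. The commitment layout, SHA-256 standing in for keccak256, the addresses and the feed prices are all assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

# Constructed feed answers (price with 8 decimals, token decimals); not live data.
FEEDS = {"ETH": (3000_00000000, 18), "USDC": (1_00000000, 6)}

@dataclass(frozen=True)
class Bid:
    bidder: str
    token: str
    amount: int   # smallest token unit (wei, or 1e-6 USDC)
    salt: bytes

def commitment(bid):
    """Hash committed on-chain at bid time. SHA-256 stands in for keccak256;
    the field layout is an assumption, not HushBid's actual encoding."""
    h = hashlib.sha256()
    for f in (bid.bidder.encode(), bid.token.encode(), bid.amount.to_bytes(32, "big"), bid.salt):
        h.update(len(f).to_bytes(2, "big") + f)  # length prefix removes field-boundary ambiguity
    return h.digest()

def usd_value(bid):
    """Bid value in units of 1e-8 USD, integer arithmetic only."""
    price, decimals = FEEDS[bid.token]
    return bid.amount * price // 10 ** decimals

def settle(onchain, decrypted):
    """Return (winner, usd_value, rejected). A decrypted bid counts only if it
    reproduces the hash its bidder committed on-chain and uses a priced token."""
    best, best_usd, rejected = None, -1, []
    for bid in decrypted:
        if bid.token not in FEEDS or bid.amount <= 0:
            rejected.append((bid.bidder, "unpriced token or bad amount"))
        elif onchain.get(bid.bidder) != commitment(bid):
            rejected.append((bid.bidder, "commitment mismatch"))
        elif usd_value(bid) > best_usd:   # strict comparison: earlier bid wins a tie
            best, best_usd = bid, usd_value(bid)
    return best, best_usd, rejected

def demo():
    """Constructed auction: the payload from 0xbad claims more than it committed to."""
    alice = Bid("0xa11ce", "ETH", 10**18, b"salt-a")          # 1 ETH
    bob = Bid("0xb0b", "USDC", 3500 * 10**6, b"salt-b")       # 3500 USDC
    committed = Bid("0xbad", "ETH", 5 * 10**17, b"salt-m")    # 0.5 ETH was committed
    claimed = Bid("0xbad", "ETH", 5 * 10**18, b"salt-m")      # payload says 5 ETH
    onchain = {b.bidder: commitment(b) for b in (alice, bob, committed)}
    return settle(onchain, [alice, bob, claimed])

if __name__ == "__main__":
    print(demo())
```

Without the commitment check, the 5 ETH payload would win even though its bidder only committed to 0.5 ETH.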

How it Works

The whole application is made up of four packages:

  • Solidity contracts — HushBid.sol is the core auction contract with commit-reveal phases, World ID integration via WorldIDRouter, and privacy levels. PriceNormalizer.sol wraps Chainlink Data Feeds for multi-token bid comparison. It is deployed on Ethereum Sepolia.
  • TypeScript SDK (@hushbid/sdk) — HushBidClient class for contract interactions, keccak256-CTR encryption for DON payloads, Convergence Token API client for private transfers (EIP-712 authenticated), and token deployment tooling (ports of the Convergence Foundry scripts). Uses viem throughout. The aim is to make the platform easily reusable by other developers.
  • CRE Workflow — Event-driven workflow using CronCapability for periodic sweeps, EVMClient for on-chain reads/writes, and ConfidentialHTTPClient for executing private settlement.
  • React demo app — Full auction UI with bid submission, Convergence vault panel, World ID verification via and real-time auction phase tracking. This demonstrates how everything works together and shows how the SDK can be used.
  • An AI agent layer - An AI-powered loop/agent that reasons and also executes CRE workflow simulations for autonomous settlement.

Tenderly Virtual TestNet

Explorer Link: https://dashboard.tenderly.co/explorer/vnet/ee68a34e-c393-488c-a021-05dc43b370d9/transactions
I initially deployed and tested all contracts on a Tenderly Virtual TestNet, which was very useful for rapid iteration — instant block confirmations, unlimited faucet ETH, and the built-in debugger made it easy to trace reverts and inspect storage. The transaction history on the explorer above shows the early contract deployments and test auctions I ran there.

However, I had to migrate to Ethereum Sepolia for final deployment because the Convergence Privacy Vault requires the chain ID to be actual Sepolia (chain ID 11155111). Tenderly Virtual TestNets use a custom chain ID, and the private transaction signing (EIP-712) would not work with a non-standard chain ID — the Convergence Token API rejected the requests. Since shielded bid payments are core to HushBid's privacy model, I moved everything to Sepolia proper.

What was validated on Tenderly Virtual TestNet:

  • HushBid contract deployment and auction lifecycle (create -> bid -> settle)
  • PriceNormalizer integration with Chainlink Data Feeds (ETH/USD, USDC/USD price normalization)
  • World ID proof verification flow via WorldIDRouter
  • CRE workflow simulation triggering settlement transactions
  • AI agent's Gather -> Reason -> Execute loop reading on-chain state and invoking CRE

What required real Sepolia:

  • Convergence Privacy Vault deposits/withdrawals (EIP-712 signatures bound to chain ID 11155111)
  • End-to-end private bid payment flow (deposit → shielded transfer → settlement)

Created by

  • Katty