Veil Protocol

Private DAO payroll using Chainlink CRE, ACE confidential transfers, and Merkle proof verification.

Privacy, CRE & AI, Risk & Compliance, DeFi & Tokenization, Thirdweb, Tenderly

What it is

Open the ENS DAO treasury wallet on Etherscan (0xFe89cc7aBB2C4183683ab71653C4cdc9B02D44b7, https://etherscan.io/address/0xFe89cc7aBB2C4183683ab71653C4cdc9B02D44b7#tokentxns) and you can see every contributor payment: $9,863 USDC/day streamed to 9 stewards via Superfluid, with exact amounts and exact addresses. Go to MakerDAO governance: "Flip Flop Flap Delegate LLC received 12,000 DAI" at 0x688d508f.... Their landlord, their ex, or a competitor can see exactly what they earned.

This is the default for every DAO paying contributors today. Gitcoin, Nouns, Bankless, Lido: all public. Gitcoin literally ran a public "Contributor Compensation Audit" because 95% of their $5M multisig spending is contributor pay and it was all visible on-chain (https://gov.gitcoin.co/t/contributor-compensation-audit/12750).

Veil Protocol fixes this. It runs confidential payroll for DAOs using 6 Chainlink capabilities:

  1. CRE Runtime orchestrates the payroll pipeline (cron trigger, on-chain reads, tx submission)
  2. CRE Secrets protects treasury private keys inside a TEE (node operators never see them)
  3. Confidential HTTP fetches encrypted payroll data (recipient addresses + amounts invisible to network)
  4. ACE (Confidential Compute) executes private token transfers with hidden sender identity and shielded recipient addresses
  5. Data Feeds provides token prices for USD budget validation

The on-chain footprint is minimal: batch type, total amount, recipient count, and a Merkle root. Individual amounts and recipient addresses never touch the public chain. But any contributor can verify their own payment was included using a Merkle proof, without revealing anyone else's salary.
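
The self-verification described above, as an added example that is not Veil Protocol's code: a contributor recomputes their own leaf and folds in the sibling hashes to reach the published root. Assumptions: the leaf layout, the per-recipient salt (an address plus a salary figure is guessable, so an unsalted sibling hash could be matched against guesses), sorted-pair hashing, SHA-256 standing in for keccak256, and a constructed batch.

```javascript
const { createHash } = require("node:crypto");

// SHA-256 stands in for the keccak256 a Solidity verifier would use (Node has no built-in keccak256).
const sha256 = (...parts) => parts.reduce((h, p) => h.update(p), createHash("sha256")).digest();

// Assumed leaf layout: 0x00 | 32-byte salt | recipient | amount. 0x00/0x01 separate leaves from nodes.
const leafHash = ({ salt, recipient, amount }) =>
  sha256(Buffer.from([0]), Buffer.from(salt, "hex"), recipient.toLowerCase(), String(amount));

// Sorted-pair hashing: the proof needs no left/right flags.
const nodeHash = (a, b) =>
  Buffer.compare(a, b) <= 0 ? sha256(Buffer.from([1]), a, b) : sha256(Buffer.from([1]), b, a);

// Every level of the tree, leaves first; an unpaired node is promoted unchanged.
function buildLevels(leaves) {
  const levels = [leaves];
  while (levels[levels.length - 1].length > 1) {
    const prev = levels[levels.length - 1];
    const next = [];
    for (let i = 0; i < prev.length; i += 2)
      next.push(i + 1 < prev.length ? nodeHash(prev[i], prev[i + 1]) : prev[i]);
    levels.push(next);
  }
  return levels;
}

// Sibling hashes from leaf to root: all a contributor learns about the rest of the batch.
function proofFor(levels, index) {
  const proof = [];
  for (let l = 0; l < levels.length - 1; l++, index >>= 1) {
    const sibling = levels[l][index ^ 1];
    if (sibling) proof.push(sibling);
  }
  return proof;
}

// What a contributor runs against the root published on-chain.
const verifyPayment = (entry, proof, root) => proof.reduce(nodeHash, leafHash(entry)).equals(root);

// Constructed sample batch: addresses, amounts and salts are made up for this example.
const batch = [
  { recipient: "0x" + "a1".repeat(20), amount: "3000000000000000000", salt: "11".repeat(32) },
  { recipient: "0x" + "b2".repeat(20), amount: "2000000000000000000", salt: "22".repeat(32) },
  { recipient: "0x" + "c3".repeat(20), amount: "4500000000000000000", salt: "33".repeat(32) },
];
const levels = buildLevels(batch.map(leafHash));
const root = levels[levels.length - 1][0];
```

Each contributor needs only their own entry, salt and proof; a changed amount, a wrong salt, or someone else's proof fails against the root.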

Real ACE transactions executed:

  • 019ccfc9-b000-75f3-9d3f-9fe7261ca4a1 (3 LINK to Alice, sender HIDDEN)
  • 019ccfc9-b14b-773c-ba60-521fdbfa8d48 (2 LINK to Bob, sender HIDDEN)
  • 10+ historical transfers with is_sender_hidden: true
  • Withdrawal ticket hash: 0x2778dd11a02674bee58b29470dbea2fb260a621cdbd549b314c01fe1486e076b

All verified against ACE vault 0xE588a6c73933BFD66Af9b4A07d48bcE59c0D2d13 on Sepolia (526+ transactions).

How it Works

Smart Contracts (Solidity + Foundry):

  • VeilVault.sol manages treasury, batch lifecycle (PENDING -> EXECUTING -> COMPLETED), monthly budget tracking, and on-chain Merkle attestations for payment verification
  • VeilVaultFactory.sol for permissionless vault deployment by any DAO
  • 32/32 Foundry tests covering batch submission, CRE execution, budget tracking, Merkle proof verification, and multi-batch flows
  • Deployed and verified on Base Sepolia: 0x42118f942332f6caee0aa768bb741a2f1eb65204 (https://sepolia.basescan.org/address/0x42118f942332f6caee0aa768bb741a2f1eb65204)

CRE Workflow (TypeScript, 690 lines):

  • 7-step pipeline: Read pending batches -> Fetch prices -> Fetch payroll data -> Mark executing -> ACE private transfers -> Complete batch -> Audit trail
  • Real EIP-712 typed data signatures for ACE API authentication
  • secp256k1 signing via @noble/curves for Confidential Compute authorization
  • Consensus aggregation across nodes using ConsensusAggregationByFields
  • Cross-chain routing via CCIP for multi-chain DAOs

Frontend (Next.js + wagmi):

  • Dashboard, payroll management, audit page, Merkle proof verification UI
  • Live contract reads from Base Sepolia
  • Employee self-service: verify your own payment on-chain without revealing others

Created by

  • Shailendra