MaskBid - The Dark Auction
The Problem
On-chain auctions are fundamentally broken for high-value Real World Assets. Public bids let sniper bots watch the mempool and overbid at the last second, destroying fair price discovery. There is no identity layer — anyone can spin up unlimited fake wallets to manipulate outcomes with Sybil attacks. And if a wallet's private key is stolen, the thief can instantly transfer any NFT to an anonymous address. For assets worth thousands or millions of dollars, there is no recovery.
What is MaskBid?
MaskBid is a decentralized sealed-bid auction platform for Real World Assets — watches, art, gold, real estate. Every bid is encrypted in the browser before it leaves the device, and can only be decrypted by Chainlink's secure enclave after the auction ends. Ownership is bound to a verified human identity, not just a private key.
Three guarantees that have never coexisted before:
- Confidential Bids — Bid amounts are RSA-OAEP encrypted client-side. Nobody — not the seller, not the database admin, not blockchain observers — can see any amount until the auction closes. Only Chainlink CRE's VaultDON enclave holds the private key, and it only runs after the auction ends.
- Proof of Personhood — Every participant must pass World ID verification through a dedicated Chainlink CRE workflow. Multiple CRE nodes independently verify the World ID proof via worldcoin.org and must reach consensus before KYC status is written on-chain. One real human, one bid. No bots. No Sybil attacks. Unverified wallets are blocked at the EVM level.
- Trustless Settlement — When the auction ends, Chainlink CRE fetches all encrypted bids via ConfidentialHTTP, decrypts them inside the secure enclave, picks the winner by consensus, and submits an ABI-encoded report on-chain through the Forwarder. No human intervention. No intermediary. The winner pays and receives the ERC-1155 RWA token in one transaction. Losers get their USDC deposit refunded automatically.
How it works — 6 phases:
- Register — Seller registers a Real World Asset (e.g. a Rolex watch) on MaskBidAsset.sol. A Chainlink CRE Log Trigger picks up the AssetRegistered event and syncs state to Supabase.
- Verify & Mint — A KYC-verified Verifier approves the asset and mints an ERC-1155 token. CRE Log Trigger syncs AssetVerified and TokensMinted events.
- Create Auction — Seller creates a sealed-bid auction. The ERC-1155 token is escrowed by MaskBidAuction.sol. CRE Log Trigger syncs AuctionCreated.
- Place Sealed Bids — Bidders (World ID verified) enter a bid amount. The app RSA-encrypts it client-side before submission. Only a SHA-256 hash goes on-chain. Only RSA ciphertext goes to Supabase. The plaintext never leaves the browser.
- CRE Resolution — After the auction ends, the Chainlink CRE Auction Solver runs: ConfidentialHTTP fetches encrypted bids with a VaultDON-injected auth token, decrypts all bids inside the enclave, selects the highest bidder, and submits the result on-chain. The contract transitions to PendingClaim.
- Claim — The winner calls claimWin(), which pays the winning amount in USDC to the seller and transfers the RWA token to the winner. Losers call claimRefund() to recover their deposit.