Private Transactions on Kickback.events using Tornado.cash

Websamuraidev
wearekickback
Published in
6 min readJan 28, 2020
Kickback.events

Kickback is looking to incentivize seriousness in attendees to events by committing RSVP. Users stake some amount of their crypto holding and then they get it back after they appear at the event.

However, transactions on the platform are not private at all. Addresses are tied to users social profile. This have raised concern among our community who is strong respectful to their Privacy Philosophy.

As privacy concerned users we found it intuitive to use Tornado.cash.

Tornado.cash

A third-party Open Source Software Service which it’s able to “camouflage” transactions on the network. They set a minimum amount of deposits for their users.

  1. We recommend you have more than 2 accounts set it up on your MetaMask or any other Web3 provider (for anonymity increase).
  2. Move the funds from your main account to any other account on the Web3 Provider.
  3. Go ahead to tornado.cash and initiate a deposit transaction. It will prompt “Your note” window which you need to save in order for you to withdraw the funds later. Click on the copy button and save it at somewhere safe (a notepad) then confirm you backed up your note to continue.
You won’t get your deposit back if you don’t save this note.

4. After that, click on “Send Deposit” and it will prompt your Web3 Provider window. Check that all is good before moving on.

When done, the deposit will appear on the tornado.cash UI history with some useful data including a “Note” button to check again your “Transaction note” (Not recommended. We advise you to save the note always before making any deposit. See Step 3).

5. [Time passed] This is something we want to look for as they recommend having a spare amount of time before starting a withdrawal. They do by expecting a subsequent of deposits in which more deposits after yours the transactions become stronger in anonymity and safer for your privacy.

6. If you feel ready, go ahead to the Withdrawal tab and begin withdrawing your funds. Remember the note from step 3, look for it and paste it on the Note input.

You can see here the amount you are withdrawing as well as the time passed since you made your deposit, and if your transaction has any subsequent deposits. They do not recommend withdraw funds if it doesn’t have any.

On this section you may also want to look on the Withdrawal settings tab:

Withdrawal Settings

Clicking there will prompt a set of options that you can use before Withdrawing. Including a set of different relayers and a custom option for you to set your own private relayer. (If you are hardcore with your privacy).

If you want to avoid any relayer fee, use Your Own Wallet. You will only have to pay for any Ethereum network fees and receive the exact amount of tokens you deposited.

If you are using this latter, before saving settings. Make you sure you have any other wallet selected on the MetaMask/Web3 Provider that is not linkable to any of the address you made the deposit, and that has enough amount of tokens able to pay network fees. Otherwise, the withdrawal anonymity may be compromised.

7. This is where our other accounts in MetaMask/Web3 providers are useful for. We don’t want to withdraw the funds to the same address we did our deposits. Let’s look for an address in any of the accounts we may want to use. Paste the address on the “Recipient Address” after the address is pasted in will show more useful data. Including “Relayer fees” and the amount of tokens you will receive after “Withdraw”.

Because Relayer fees you are getting less than the amount you deposited.

8. Wait for the system to generate Zero Knowledge proof.

Once this is done it will appear Withdrawal Confirmation. Click Confirm.

If using a Relayer, on the settings it should show:

After clicked confirm Relayer will begin sending your transaction to the address you state on step 6.

If you use your own wallet, in the configuration tab, your Web3 window should appear with the above selected account to pay any fees (see Step 7):

Web3 prompt with selected account to pay any fee for the transaction

After the above steps are done we may see a message on the main interface:

On the history tab, you will get a Withdrawn transaction

Transaction history (shown black grey) after successfully withdrawn.

Hopefully you have now obfuscated the funds we may want to use for RSVP and to expand our anonymity into the Kickback platform.

9. Go ahead to the Kickback platform and sign in with your main Web3 account, the one you’ve used to sign up.

10. Go to an Event you want to RSVP and change your Web3 account to the one you have your received your funds from Tornado.cash (While the transaction is in progress changing between accounts it shall not give any conflict on the kickback platform.)

We are staking the funds with another selected account in our Web3 provider to increase anonymity.

Click Confirm and you should all be good and ready to go. You may have your most smiley picture on the profile :).

Things to take in count:

In Step 3, anytime you want to deposit some tokens exercise caution! after you receive “Your Note”. This note will change anytime you close this window or the browser crashed and if the browser is accidentally refreshed too. So make sure you backed up your note and confirm you did, then click “Send Deposit” before refreshing the browser or closing it.

“Note” Changes anytime you refresh browser, browser crashed or you close this window.

Limitations while using Tornado.cash for Kickback:

Experimental Software:

Tornado.cash it’s still consider being on an experimental phase. And may arise some bugs along the way. Exercise caution when using it.

Tornado.cash Relayer Fees:

Relayers take some fee the moment withdraw any deposited tokens. These fees are going to the tornado.cash relayers and they are high (talking in GWEI) in comparison with what you need to actually send an ETH transaction.

Ethereum Network fees are also necessary besides relayer fees (if you are using one). Make sure you always have enough ETH to cover any fees.

Tornado.cash only supports fixed amounts. This is because they expect a subsequent deposits so they are able to work with the same amounts.

0.10 ETH
100 DAI
5000 cDAI
100 USD
5000 cUSD
100 USDT

Kickback users who want to set their transactions private have to meet these requirements while using Tornado.cash. This is because of Tornado’s implemented functionality. Otherwise, if you try to make a deposit, you will get an alert error.

You may have ETH in your wallet, but if you don’t meet the minimum, the app will still think you don’t have any.

Tornado.cash Supported Tokens:

While Kickback it’s proudly supporting any ERC-20 Token, Tornado.cash does not. Right now you can only obfuscate your transactions with one of the available tokens.

Tornado.cash token list

Enjoy transacting on Kickback without compromising your anonymity principles.

--

--