Building a Privacy Mixer in Solidity: Why My Merkle Proofs Were Failing

Published: March 15, 2026 at 02:17 AM EDT
Source: Dev.to

Privacy in Web3 is often seen as a “black box” of complex zero‑knowledge proofs. However, the heart of most privacy protocols like Tornado Cash is a much older and simpler structure: the Merkle Tree.

Recently, while building a research‑based ETH Mixer, I ran into a classic synchronization issue between on‑chain verification and off‑chain proof generation. Here is what I learned about Merkle Tree stability and how to avoid the “Invalid Proof” trap.

The Architecture

The goal was simple:

  1. Deposit – A user sends 1 ETH and a hash (commitment).
  2. Mix – The commitment is added to a Merkle Tree.
  3. Withdraw – The user provides a Merkle Proof to withdraw 1 ETH to a new address without revealing the original deposit.

The Pitfall: Sorted Hashes

Initially, I used a sorted‑hash Merkle Tree. In this approach, nodes are sorted before hashing:

// Vulnerable logic for manual proof generation
computedHash = a

Diagram of the Merkle Mixer architecture

Example proof verification
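
One way a mismatch between off-chain proof generation and on-chain verification produces an invalid proof, as an added example that is not the post's own code: the same leaves are hashed into a sorted-pair tree and a positional tree, and a proof from one is checked under the other convention. Assumptions: SHA-256 stands in for keccak256, the leaf values are constructed, and all function names are hypothetical.

```python
import hashlib

def h(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for keccak256 (not in Python's stdlib).
    return hashlib.sha256(data).digest()

def pair_sorted(a: bytes, b: bytes) -> bytes:
    # Sorted-pair convention: smaller value first, position in the tree ignored.
    return h(a + b) if a <= b else h(b + a)

def pair_positional(left: bytes, right: bytes) -> bytes:
    # Positional convention: the left child is always hashed first.
    return h(left + right)

def build_layers(leaves, pair):
    # Leaf count must be a power of two in this sketch (no padding logic).
    assert leaves and len(leaves) & (len(leaves) - 1) == 0
    layers = [list(leaves)]
    while len(layers[-1]) > 1:
        cur = layers[-1]
        layers.append([pair(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return layers

def make_proof(layers, index):
    # Sibling at each level, bottom-up; flipping the low bit gives the sibling.
    proof = []
    for layer in layers[:-1]:
        proof.append(layer[index ^ 1])
        index >>= 1
    return proof

def verify_sorted(leaf, proof, root):
    acc = leaf
    for sibling in proof:
        acc = pair_sorted(acc, sibling)
    return acc == root

def verify_positional(leaf, index, proof, root):
    acc = leaf
    for sibling in proof:
        # Odd index: this node is the right child, so the sibling goes first.
        acc = pair_positional(sibling, acc) if index & 1 else pair_positional(acc, sibling)
        index >>= 1
    return acc == root

# Constructed 32-byte values standing in for deposit commitments, in descending
# order so that every leaf pair is "out of order" for the sorted convention.
LEAVES = [bytes([n]) * 32 for n in (4, 3, 2, 1)]
SORTED = build_layers(LEAVES, pair_sorted)
POSITIONAL = build_layers(LEAVES, pair_positional)
```

A proof verifies only under the convention that built its tree and against that tree's root; the positional verifier additionally needs the leaf index, which the sorted one does not.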

#solidity #blockchain #web3 #security #foundry