ZK-072: Replace lossy recipient decoding with a verifiable address-binding strategy

[ANAVHEOBA]

Wave: PrivacyLayer ZK Wave 2
Issue Key: ZK-072
Area: withdraw
Priority: High
Drips Complexity: High

Summary

The SDK currently hashes Stellar addresses into fields while the contract tries to decode a concrete address back out of 32 bytes. Replace that mismatch with a recipient-binding design the contract can actually verify.

Relevant Code

• sdk/src/encoding.ts
• sdk/src/public_inputs.ts
• sdk/src/proof.ts
• contracts/privacy_pool/src/core/withdraw.rs
• contracts/privacy_pool/src/utils/address_decoder.rs
• contracts/privacy_pool/src/integration_test.rs

Scope

• Choose a single recipient-binding model for the proof boundary, such as explicit recipient argument plus hashed public input binding.
• Update SDK encoding and contract withdraw flow together so the same address semantics are used end to end.
• Add negative tests for mismatched recipient argument versus proof-bound recipient commitment.

Acceptance Criteria

• The contract no longer attempts to reconstruct an address from an irreversible hash format.
• SDK witness generation and contract verification agree on recipient binding rules.
• Cross-stack tests show the wrong recipient is rejected deterministically.

Out of Scope

• New wallet UX and non-ZK frontend polish
• Unrelated Soroban business logic outside the withdrawal proof boundary

Dependencies

• ZK-031

Validation

• Inspect derived checks: node scripts/zk_ticket_check.mjs --issue-key ZK-072
• Run derived checks: node scripts/zk_ticket_check.mjs --issue-key ZK-072 --run
• Pull requests should include Wave Issue Key: ZK-072 in the title or body.

References

• sdk/src/encoding.ts
• sdk/src/public_inputs.ts
• sdk/src/proof.ts
• contracts/privacy_pool/src/core/withdraw.rs
• contracts/privacy_pool/src/utils/address_decoder.rs
• contracts/privacy_pool/src/integration_test.rs

[soomtochukwu]

@soomtochukwu has applied to work on this issue as part of the Stellar Wave Program's 4th wave.

Hello, you can trust me to take care of this ASAP

ℹ️ Repo Maintainers: To accept this application, review their application or assign @soomtochukwu to this issue.

[drips-wave]

Congratulations, @soomtochukwu! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on April 29, 2026.

🧑‍💻 @soomtochukwu: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[slendereater-sketch]

/attempt