I have been thinking about zkOffers and zkZoe. They fit wonderfully with our general security model: contracts/servers don’t know who clients are (message.sender considered evil), they just know that any operation that can be invoked is authorized. So Zoe just needs strong assurance that the underlying assets are escrowed and can be reallocated. It doesn’t have to know anything about who or what client contracts provided them or gets to claim the payouts.
5 Likes