Cylend Logo
Documentation

Architecture Overview

Deep dive into Cylend's privacy-preserving credit infrastructure and cross-chain design

System Architecture

Cylend is built on a unique dual-chain architecture that separates public settlement from private computation:

Cylend Cross-Chain Privacy Architecture

Mantle Sepolia

Public Settlement Layer

  • • Hosts PrivateLendingIngress contract
  • • Manages deposit creation (native & ERC20)
  • • Handles fund releases
  • • Publishes encrypted action hashes
  • • Observable settlement layer

Sapphire Testnet

Private Computation Layer

  • • Hosts LendingCore contract
  • • Processes encrypted actions
  • • Manages lending logic & positions
  • • Calculates health factors privately
  • • All details remain confidential

Core Components

The Cylend ecosystem consists of several interconnected components:

1. Frontend (Next.js)

User Interface

Modern web application built with Next.js 16, React 19, and RainbowKit for wallet integration.

  • Wallet Integration: Wagmi + RainbowKit for seamless wallet connections
  • Client-Side Encryption: Uses Sapphire SDK to encrypt action payloads
  • Real-Time Updates: Queries Ponder GraphQL for live data
  • Type-Safe: Full TypeScript support with auto-generated types

2. Smart Contracts

On-Chain Logic

Two primary contracts handle public and private operations:

PrivateLendingIngress (Mantle)

Manages deposits, action submissions, and fund releases

LendingCore (Sapphire)

Processes encrypted actions and maintains private lending state

3. Ponder Indexer

Event Indexing

Multi-chain event indexer that provides a unified GraphQL API:

  • Multi-Chain: Indexes events from both Mantle and Sapphire
  • GraphQL API: Query deposits, actions, positions, and liquidity
  • Real-Time: WebSocket subscriptions for live updates
  • Database: SQLite (dev) or PostgreSQL (production)

4. Backend Service

Automation

Automated service that processes pending actions:

  • Event Monitoring: Watches for EncryptedActionStored events
  • Action Processing: Calls processAction() on LendingCore
  • Price Updates: Fetches latest prices from ROFL Oracle
  • Retry Logic: Handles failures with exponential backoff

5. Hyperlane

Cross-Chain

Facilitates secure cross-chain message passing:

  • Message Relay: Forwards messages between Mantle and Sapphire
  • Security: Uses Interchain Security Module (ISM)
  • Reliability: Automatic message delivery with retries

Privacy Model

Cylend achieves privacy through client-side encryption and Sapphire's confidential computing:

What's Private:

  • Action Details: Amount, token, counterparty info (all encrypted)
  • Position State: Collateral amounts, borrow amounts, health factors
  • Lending Logic: All computation happens in Sapphire TEE

What's Public:

  • Deposit Creation: Depositor address and deposit amounts
  • Action Hashes: Hash of encrypted action ciphertext
  • Settlement Events: Fund release notifications (amounts visible)
  • Position Hashes: Hash of position state (not actual values)
Important

All sensitive details are encrypted client-side using Sapphire's public key before leaving the browser. Mantle only sees encrypted ciphertext hashes, while Sapphire decrypts and processes within a Trusted Execution Environment (TEE).

Key Design Decisions

Why Two Chains?

Separating settlement (Mantle) from computation (Sapphire) provides the best of both worlds: Mantle offers high throughput and low costs for deposits and releases, while Sapphire provides confidentiality for sensitive lending operations. This design also allows for future scalability and multi-chain settlement support.

Why Client-Side Encryption?

Encrypting action payloads in the browser ensures that even if network traffic is intercepted, no sensitive information is leaked. The frontend never sends plaintext amounts or token details over the network.

Why Backend Service?

The processAction() function on LendingCore is owner-only for security. A backend service with controlled access to the owner private key automates action processing while maintaining security. This prevents frontrunning and ensures actions are processed in order.

Why Ponder?

Ponder provides efficient multi-chain event indexing with a GraphQL API out of the box. It handles real-time subscriptions, database management, and type generation, significantly reducing development time compared to building a custom indexer.

Explore More

System Design

Detailed system architecture

Data Flow

How data moves through the system

Cross-Chain

Hyperlane integration details

Security Model

Threat model and security guarantees