# Problem and Solution ## Problem Public bug bounty payouts today suffer from a structural privacy failure: * Treasury → researcher is a **single edge** on the public ledger — visible on Solscan instantly * Researchers cannot safely use **fresh wallets** — most treasuries' compliance policies forbid sending to addresses with no history * Researchers cannot safely use **existing wallets** either — they get linked to the bug they reported, the protocol they reported it to, and the dollar amount * Compliance still demands **auditability** — silent payouts break the audit trail accountants need * Existing privacy tooling **doesn't fit** — generic mixers are blanket-banned in most jurisdictions and offer no project-scoped audit trail ## Solution Tirai introduces a **privacy-preserving payout pipeline**: | Problem | Tirai Solution | | -------------------------------------------- | -------------------------------------------------------------------------------- | | Public deposit ↔ withdrawal edge | **Groth16 + Poseidon** Merkle tree severs the link inside Cloak | | Researchers forced to reuse main wallet | **Fresh-wallet mode** generates a zero-history keypair in the browser | | Auditors lose visibility under privacy tools | **Viewing-key scoped audit** — auditor sees every payment, never the destination | | Treasury platforms hold custody | **Non-custodial by design** — Tirai deploys no program, holds no funds | Once a project deposits to the Cloak Shield Pool, the researcher — not the project — initiates the claim using a zero-knowledge withdrawal proof. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://moai-3.gitbook.io/tirai-frontier/introduction/problem-and-solution.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.