Bermuda Architecture

Bermuda's architecture is split into three layers: Client, Infra, and Contracts. Each layer is independent and communicates through well-defined interfaces.

Client

The client layer runs entirely on the user's device. No private data ever leaves this layer.

  • User / Bot — The entity initiating a transaction, whether a human through a wallet or an autonomous AI agent.
  • Wallet — Any Ethereum wallet (EOA or smart account). Bermuda supports both ethers.Signer and viem.WalletClient, including ERC-4337 smart accounts and Safe multi-sig wallets.
  • Bermuda SDK — The core integration point. Handles account creation, balance lookups, and transaction construction. All ZK proof generation happens client-side inside the embedded Prover — spending keys and transaction details never leave the user's device.

Infra

The infrastructure layer handles transaction dispatch and compliance screening. These are off-chain services that facilitate on-chain execution without having access to private transaction data.

  • Bermuda Relayer — Submits shielded transactions on behalf of users, decoupling the sender's identity from the on-chain transaction origin. This is what makes transfers and withdrawals anonymous at the network level.
  • ERC-4337 Bundler — Processes UserOperations for smart account wallets, enabling gasless transactions through paymasters.
  • x402 Facilitator — Mediates private agent-to-service payments over the x402 protocol, verifying payment proofs and settling between payer and payee.
  • Compliance Engine — Performs KYT (Know Your Transaction) screening on deposit addresses before funds enter the pool. Feeds updated blacklists to the on-chain Compliance Gateway when new threat intelligence emerges.

Contracts

The contract layer is fully on-chain and immutable. No admin keys, no upgradability.

  • Bermuda Pool — The core smart contract that holds all shielded funds. Manages deposits, transfers, and withdrawals by verifying ZK proofs and enforcing compliance checks. See Contracts for details.
  • Verifiers — Satellite contracts that perform ZK-SNARK proof verification. Multiple verifier instances handle different UTXO topologies and spending scenarios. These are factory verifiers from the Noir / Barretenberg stack.
  • Compliance Gateway — The on-chain enforcement layer that governs fund flow. It checks deposits against the blacklist maintained by the Compliance Engine and verifies that withdrawals meet the compliance policies configured by each partner. See Compliance for the full framework.

Transaction Flow

  1. The User invokes the Bermuda SDK through their Wallet
  2. The SDK generates ZK proofs client-side and constructs a transaction payload
  3. The SDK screens the transaction through the Compliance Engine
  4. The payload is submitted to the Bermuda Relayer (or ERC-4337 Bundler / x402 Facilitator)
  5. The relayer dispatches the transaction to the Bermuda Pool
  6. The pool sends the proof to a Verifier contract for verification
  7. The pool checks compliance constraints against the Compliance Gateway
  8. If both checks pass, the state transition is committed on-chain
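
The gating in steps 5 to 8, as an added example that is not Bermuda's contract or SDK code: a simplified in-memory model in which a toy checksum stands in for the ZK-SNARK and only the deposit blacklist is modelled. All class, function and field names and the sample addresses are assumptions made for illustration.

```javascript
// Simplified in-memory model of steps 5-8. Every name is hypothetical;
// none of this is Bermuda's contract or SDK code.
// toyProof: FNV-1a checksum standing in for the ZK-SNARK a real Verifier checks.
function toyProof(publicInputs) {
  let h = 0x811c9dc5;
  for (const ch of JSON.stringify(publicInputs)) {
    h = Math.imul(h ^ ch.codePointAt(0), 0x01000193) >>> 0;
  }
  return h.toString(16);
}

class ComplianceGateway {
  constructor() { this.blacklist = new Set(); }
  addToBlacklist(address) { this.blacklist.add(address.toLowerCase()); }
  // Only the deposit blacklist is modelled; withdrawal policies are not.
  permits(inputs) {
    return inputs.kind !== "deposit" ||
      !this.blacklist.has(inputs.depositor.toLowerCase());
  }
}

class Pool {
  constructor(gateway) {
    this.gateway = gateway;
    this.commitments = []; // committed state transitions
    this.origins = [];     // on-chain sender of each committed transaction
  }
  // `sender` is whoever put the transaction on-chain (the relayer, step 5).
  submit(sender, { proof, publicInputs }) {
    if (proof !== toyProof(publicInputs)) return { committed: false, reason: "proof" }; // step 6
    if (!this.gateway.permits(publicInputs)) return { committed: false, reason: "compliance" }; // step 7
    this.commitments.push(publicInputs.commitment); // step 8
    this.origins.push(sender);
    return { committed: true };
  }
}

// Constructed sample run; addresses and commitments are made-up values.
function demo() {
  const gateway = new ComplianceGateway();
  const pool = new Pool(gateway);
  const transfer = { kind: "transfer", commitment: "c1" };
  const deposit = { kind: "deposit", depositor: "0xAbC", commitment: "c2" };
  const results = [pool.submit("0xRelayer", { proof: toyProof(transfer), publicInputs: transfer }),
    pool.submit("0xRelayer", { proof: "forged", publicInputs: transfer })];
  gateway.addToBlacklist("0xabc");
  results.push(pool.submit("0xAbC", { proof: toyProof(deposit), publicInputs: deposit }));
  return { results, commitments: pool.commitments, origins: pool.origins };
}
```

In the sample run both rejections leave `commitments` unchanged, and the only recorded origin is the relayer's address rather than the user's.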