Data Flow

Before any data leaves the user's browser, it is encrypted using the Sapphire Public Key. The frontend fetches this key directly from the Sapphire network via the web3 provider.

The user submits the transaction to the PrivateLendingIngress contract on Mantle.
What is visible?

• User Address (Sender)
• The encrypted Ciphertext (Blob)
• Gas Fees paid in MNT

Crucially, the actual action details (amount, token type) are hidden inside the ciphertext.

The Ingress contract emits a Hyperlane event. Relayers observe this event and transport the message payload to the Sapphire network.

Inside the Sapphire Trusted Execution Environment (TEE):

1. The LendingCore contract receives the message.
2. It uses the Private Key (only available inside the enclave) to decrypt the ciphertext.
3. It executes the logic (e.g., adds 1000 USDC to user's collateral).
4. It updates the private state storage.

Ponder picks up the "ActionProcessed" event from Sapphire.
While the details remain private, the event confirms success or failure. The frontend queries the Ponder GraphQL API to update the UI (e.g., stopping a loading spinner).