Abstract:

This paper analyses MicroMix, a noncustodial Ethereum mixer that unlinks deposits from withdrawals using browser-side zkSNARKs, a centralised relayer, and on-chain enforcement via
Semaphore and Mixer contracts. The study formalises core acceptance conditions—value conservation, nullifier uniqueness, external-nullifier scoping, and signal binding—and evaluates risks that persist despite sound cryptography, including timing correlation in small anonymity sets, Sybil pool distortion, single-relayer censorship, ETH payout liveness under gas-stipend limits, ERC-20 heterogeneity, circuit–verifier input/order mismatches, and cross-chain replay. The work proposes concrete mitigations: randomised scheduling and probabilistic batching, multi-denomination support, decentralised relayer participation with user-paid fallbacks, guarded call patterns with reentrancy protection, SafeERC20 enforcement and token whitelisting, strict public-input ordering and signal-to-field mapping, a fixed mixer-scoped external nullifier, and chain-bound proofs. With these measures, MicroMix can preserve unlinkability while improving liveness and correctness in adversarial environments, advancing practical, privacy-preserving withdrawals on Ethereum.