shield-halved.write

Shielded write namespace for encrypted contract transactions

The .write namespace provides encrypted contract write operations using Seismic's TxSeismic (type 0x4a) transaction format. Calldata is encrypted end-to-end from your client to the node's TEE, ensuring on-chain privacy.


Overview

When you call contract.write.functionName(...), the SDK:

  1. Encodes your function call using the contract ABI

  2. Encrypts the calldata using AES-GCM with a shared key derived via ECDH

  3. Constructs a TxSeismic with encryption metadata (nonce, block hash, expiry)

  4. Signs and broadcasts the transaction

  5. Returns the transaction hash

The encrypted calldata is bound to the transaction context (chain ID, nonce, block hash, expiry) via AES-GCM additional authenticated data, preventing replay attacks and tampering.


Usage Pattern

tx_hash = contract.write.functionName(arg1, arg2, ...)
  • Sync: Returns HexBytes transaction hash immediately

  • Async: Returns HexBytes transaction hash (must await)


Parameters

Function Arguments

Pass function arguments as positional parameters:

Transaction Options (Keyword Arguments)

All transaction options are optional keyword arguments:

Parameter
Type
Default
Description

value

int

0

ETH value to send (in wei)

gas

int | None

None

Gas limit (auto-estimated if None)

gas_price

int | None

None

Gas price in wei (uses network default if None)

security

None

Custom security parameters (block expiry, nonce, etc.)


Examples

Sync Usage

Async Usage

Sending ETH

Custom Gas Parameters

Custom Security Parameters

Combining All Parameters


Return Value

Returns HexBytes containing the transaction hash.

You can:

  • Convert to hex string: tx_hash.to_0x_hex()

  • Convert to bytes: bytes(tx_hash)

  • Wait for receipt: w3.eth.wait_for_transaction_receipt(tx_hash)


Privacy Guarantees

What Gets Encrypted

  • Function selector (4 bytes)

  • All function arguments

  • Encoding metadata

An observer watching the network can see:

  • Your address (transaction sender)

  • Contract address (transaction recipient)

  • Value transferred (if non-zero)

  • Gas used

But cannot see:

  • Which function you called

  • What arguments you passed

  • Any data in the calldata

What Remains Visible

These fields are not encrypted:

  • from — Your wallet address

  • to — Contract address

  • value — ETH amount sent

  • gas and gas_price — Gas parameters

  • nonce — Transaction nonce

  • Transaction metadata (block hash, expiry, encryption nonce)


Security Considerations

Block Hash Freshness

Every shielded transaction includes a recent block hash as a freshness proof. The node validates that:

  1. The block hash corresponds to a real block

  2. The block is recent (within the chain's freshness window)

This prevents:

  • Replay attacks across chains

  • Stale transaction submissions

Transaction Expiry

Transactions include an expiry block number. After this block:

  • The node will reject the transaction

  • You must create a new transaction with updated parameters

Default expiry: 100 blocks (~20 minutes on most chains)

Nonce Uniqueness

Each transaction uses a cryptographically random 12-byte encryption nonce. Never reuse nonces — this breaks AES-GCM security.

The SDK generates random nonces automatically. Only override if you know what you're doing (e.g., testing).


Error Handling


Comparison with Other Namespaces

Namespace
Encryption
Transaction Type
Gas Cost
Use Case

.write

Encrypted calldata

TxSeismic (0x4a)

Standard + encryption overhead

Privacy-sensitive writes

.twrite

No encryption

eth_sendTransaction

Standard

Public writes, lower cost

.dwrite

Encrypted + debug info

TxSeismic (0x4a)

Same as .write

Development/debugging


Best Practices

Use .write When

  • Function arguments contain sensitive data (amounts, addresses, private state)

  • Privacy is required (trading, voting, auctions)

  • Compliance requires on-chain confidentiality

Don't Use .write When

  • Function is view-only (use .read instead)

  • No privacy needed and gas optimization is priority (use .twrite)

  • Data is already public (e.g., reading public constants)

Production Checklist

  • Use default security parameters (don't override unless necessary)

  • Handle transaction failures gracefully

  • Wait for transaction confirmation before assuming success

  • Monitor gas prices and adjust if needed

  • Test with .dwrite first to verify calldata encoding


Low-Level Alternative

If you need more control (e.g., contract deployment, pre-encoded calldata):

See Shielded Write Guide for details.


See Also

Last updated