Skip to main content

Documentation Index

Fetch the complete documentation index at: https://cove-cash.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

A Cove claim link is the only thing a recipient needs to collect a payment. There are no wallet addresses exchanged, no login required — just the link. That simplicity comes with a responsibility: the link carries real cryptographic secrets, and you should treat it with the same care you would give cash.

What a claim link is

A claim link is a bearer instrument. Whoever holds it can claim the funds. There is no additional authentication layer — the link itself is the proof of ownership. This is by design: it means the recipient does not need to share their wallet address, and the payment cannot be traced back to your wallet. But it also means the link must be protected.
Claim links are single-use bearer instruments. Anyone who receives the link can claim the funds. Once the link is used, it is permanently invalid and cannot be reused. Do not post claim links publicly.

What a claim link contains

The link encodes a small bundle of data that the Cloak protocol needs to authorize the withdrawal. In plain terms, that bundle includes:
  • A private spending key — the secret that proves the right to spend the funds. This is never transmitted to the blockchain; it is used only to generate a zero-knowledge proof server-side.
  • A blinding factor — a second secret required to reconstruct the cryptographic commitment that was posted on-chain at deposit time. Without it, the UTXO cannot be spent, even if the spending key is known.
  • The payment amount and token — the amount deposited and whether it is SOL, USDC, or USDT.
  • Commitment data — cryptographic hashes that anchor the UTXO to its position in the shielded pool’s state tree.
  • The deposit transaction signature — a reference to the on-chain deposit that created this UTXO.
None of this data includes your wallet address or the recipient’s wallet address. The link is self-contained and wallet-agnostic.

What “single-use” means

When the recipient claims a payment, a nullifier is posted on-chain. The nullifier permanently marks the underlying UTXO as spent. Any subsequent attempt to claim the same link will fail on-chain because the nullifier already exists. There is no way to reverse this or generate a second valid claim from the same link.

Security best practices

  • Share only via private message. Send the claim link directly to the intended recipient through a private channel — a DM, a private chat, or an encrypted message. Do not post it in public channels, forums, or group chats.
  • Do not screenshot and share publicly. A screenshot of a claim link is just as valid as the link itself.
  • Save the link from your Dashboard. After you generate a claim link, the Cove Dashboard stores it locally so you can re-copy it later without regenerating. Use the Dashboard rather than copying the link from a chat history.
  • Claim promptly. While claim links do not expire on a fixed schedule, the sooner the recipient claims, the smaller the window for interception.

If the link is lost

Cove saves your UTXO data to your browser’s local storage before any network call is made. If you generated a claim link and then lost it — for example, because you closed the tab — you can recover it from the Dashboard, as long as you are using the same browser and the browser data has not been cleared. If your browser data was cleared or you are on a different device, the blinding factor that makes the UTXO spendable is no longer available and the link cannot be recovered.
Open the Dashboard immediately after every deposit and verify the claim link is listed. This gives you a reliable recovery point without depending on chat history.

If the link is shared with someone else

If someone else obtains the claim link before the intended recipient does, they can claim the funds. Cove has no way to restrict who uses a valid link — that is the trade-off for not requiring wallet addresses. If a link is compromised before it is claimed, there is no mechanism to revoke or redirect it.