This paper analyses MicroMix, a noncustodial Ethereum mixer that unlinks deposits from withdrawals using browser-side zkSNARKs, a centralised relayer, and on-chain enforcement via Semaphore and Mixer contracts. The study formalises core acceptance conditions—value conservation, nullifier uniqueness, external‑nullifier scoping, and signal binding—and evaluates risks that persist despite sound cryptography, including timing correlation in small anonymity sets, Sybil pool distortion, single‑relayer censorship, ETH payout liveness under gas‑stipend limits, ERC‑20 heterogeneity, circuit–verifier input/order mismatches, and cross‑chain replay. The work proposes concrete mitigations: randomised scheduling and probabilistic batching, multi‑denomination support, decentralised relayer participation with user-paid fallbacks, guarded call patterns with reentrancy protection, SafeERC20 enforcement and token whitelisting, strict public‑input ordering and signal‑to‑field mapping, a fixed mixer-scoped external nullifier, and chain-bound proofs. With these measures, MicroMix can preserve unlinkability while improving liveness and correctness in adversarial environments, advancing practical, privacy‑preserving withdrawals on Ethereum.
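The acceptance conditions named above (value conservation, nullifier uniqueness, external-nullifier scoping, signal binding, chain binding) can be modelled as a small state machine. This is an added example, not code from the paper or from MicroMix. `MixerModel`, `signal_to_field`, the three-element public-input order and the SHA3-256 encoding are assumptions, and zkSNARK verification is treated as already passed for the supplied public inputs.

```python
import hashlib
from dataclasses import dataclass, field

# BN254 scalar field modulus, the field used by Ethereum's pairing precompiles.
FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617

def signal_to_field(recipient: str, relayer: str, fee: int, chain_id: int) -> int:
    """Bind payout parameters and chain id into one field element (assumed encoding)."""
    data = "|".join([recipient, relayer, str(fee), str(chain_id)]).encode()
    # SHA3-256 stands in for the contract's hash; reduce so the value fits the field.
    return int.from_bytes(hashlib.sha3_256(data).digest(), "big") % FIELD

@dataclass
class MixerModel:
    chain_id: int
    denomination: int
    external_nullifier: int          # fixed, mixer-scoped
    balance: int = 0
    spent: set = field(default_factory=set)

    def deposit(self, amount: int) -> None:
        if amount != self.denomination:
            raise ValueError("deposit must equal the pool denomination")
        self.balance += amount

    def withdraw(self, public_inputs, recipient, relayer, fee):
        """Return (status, payouts); the proof is assumed verified for public_inputs."""
        # Assumed public-input order; circuit and verifier must agree on it.
        signal_hash, nullifier_hash, ext_nullifier = public_inputs
        if ext_nullifier != self.external_nullifier:
            return "wrong external nullifier", {}
        if nullifier_hash in self.spent:
            return "nullifier already spent", {}
        if signal_hash != signal_to_field(recipient, relayer, fee, self.chain_id):
            return "signal mismatch", {}
        if not 0 <= fee < self.denomination or self.balance < self.denomination:
            return "value check failed", {}
        self.spent.add(nullifier_hash)   # state update before any payout
        self.balance -= self.denomination
        return "ok", {recipient: self.denomination - fee, relayer: fee}
```

A relayer that swaps the recipient, replays a spent nullifier, or resubmits the same inputs to a pool on another chain is rejected by a different check in each case, which makes the model useful as a checklist when reviewing the real contract.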