SolMask stores every deposit as a leaf in an append-only Poseidon Merkle tree of depth 24, accommodating up to 16,777,216 deposits before the pool needs to roll. The root of the tree is a single 32-byte value that cryptographically commits to the entire deposit history: if any leaf changes, the root changes.
When you withdraw, your zero-knowledge proof attests that your commitment appears at some position in the tree — without revealing which position. The proof carries a Merkle path (a sibling hash at each of the 24 levels) and the circuit re-hashes upward to confirm the root matches.
On-chain we keep a root_history PDA holding the last 64 roots, refreshed each time a deposit lands. A withdraw is valid against any of those recent roots, so a transient root update doesn't invalidate proofs that were generated a few seconds before. The frontier (the right-most path of the tree) is what the deposit instruction actually mutates, keeping per-deposit cost constant in the tree depth.