A shielded pool is the part of SolMask that holds the money. Every deposit goes into the same on-chain account, and every withdraw comes out of that same account. The pool itself is fully public — you can read its balance, see every deposit transaction, and see every withdraw transaction. What you cannot read is which deposit corresponds to which withdraw.
That single missing piece is the entire product.
A shared vault, with no operator to trust
The intuition is pooling. Imagine everyone deposits the same denomination of identical bills into one shared vault, and later each person withdraws the same amount back out. Because the bills are commingled, an outside observer watching the vault can't tell which bills came from whom — as long as whoever holds the vault keeps no records.
The problem with the old-world version of this is the operator holding the vault. They know exactly who deposited what and who withdrew what. If they keep records — or get subpoenaed for them — the privacy collapses retroactively.
A shielded pool is that shared vault with nobody holding it. The "operator" is a smart contract on Solana. It has no human in the loop, no off-chain database of who-deposited-what, and no ability to censor or seize funds. Its rules are public, its code is public, and the only thing it can do is what the rules let it do.
When you deposit into SolMask's SOL pool, your SOL joins the same vault as every other depositor's SOL. When you withdraw, the vault sends SOL to your destination address. The vault's bookkeeping doesn't track "who owns which SOL"; it only tracks "how much total SOL is in here, and how much can be legitimately withdrawn." Your right to withdraw is proven cryptographically (see how zero-knowledge proofs work) rather than by name.
Both ends are on-chain. Only the middle is hidden.
A subtle point that trips up new users: SolMask does not hide your deposit. Your deposit transaction is a perfectly ordinary Solana transaction. It shows your wallet, the amount, and the pool address it went to. Anyone reading the chain can see that wallet A sent 5 SOL to the SolMask pool at slot 312,488,712.
Similarly, SolMask does not hide your withdraw. The withdraw is also a perfectly ordinary Solana transaction. It shows the pool address paying out some amount of SOL to recipient wallet B.
What's hidden is the link. There's no field in either transaction, no shared identifier, no signature pattern, no timing fingerprint (if you wait long enough) that ties A's deposit to B's withdraw. To an observer, you have a public list of deposits, a public list of withdraws, and a mathematically enforced shuffle in between.
This is why privacy in a shielded pool depends on the crowd. If you're the only person who ever deposited 5.000 SOL and then someone withdraws 5.000 SOL an hour later, you've identified yourself by elimination. The pool's job is to keep enough activity flowing that any given withdraw could plausibly correspond to any of dozens or hundreds of recent deposits.
What the contract actually stores
Concretely, when you deposit, SolMask writes a single 32-byte hash — a commitment — into an on-chain Merkle tree. The commitment is a one-way function of four secrets your browser derives from your wallet: a spend secret, a nullifier secret, the deposit amount, and the unlock slot. You don't choose or store them — the same wallet reproduces them deterministically whenever you reconnect. From the commitment alone, nothing can be reconstructed.
When you withdraw, your browser generates a proof that says "I know one of the commitments in the tree, and I'm authorizing a withdraw of X tokens to address Y." The proof reveals X and Y, but it does not reveal which commitment it's about. The chain stores a small marker called a nullifier to prevent the same deposit from being withdrawn twice, and that's the end of the transaction.
What this gets you, and what it doesn't
A shielded pool gives you on-chain unlinkability between your sending wallet and your receiving wallet. It does not give you off-chain anonymity. If you tell the world "I just deposited into SolMask" on Twitter, the cryptography can't help you. If the address you withdraw to is already public as yours, the cryptography can't help you. And if you withdraw the same unusual amount that you deposited thirty seconds earlier, the math says you're hidden but the timing says you're not.
The shielded pool is the mathematical engine. Using it well is its own skill, and we cover that in the rest of the Learn section.