I went looking for a failed Midnight transaction and couldn’t find one.
Not “couldn’t debug it.”
Couldn’t find it.
First I blamed the indexer. Then the wallet. Then that small, ugly possibility that I’d clicked too fast and imagined the whole interaction. My thumb was still warm on the glass, which felt stupidly relevant for a second.
But the interaction had happened. Locally, at least.
That’s the part Midnight makes slightly eerie. The Compact-generated contract logic can be run and inspected before proof generation or submission, and each circuit call produces structured proofData on the client side. Midnight’s generated contract code also validates the witnesses object up front, including functions like localSecretKey, before anything touches the network.
So I started there.
Not on-chain.
Inside the machine.
A witness mismatch. Or something close enough to feel like one. The circuit path I thought I had wasn’t the path the prover could actually use. Midnight’s proof server sits in that next step too, required before deployment or transaction submission, something had clearly happened. Just not in a form the Midnight chain was ever going to see.
That’s the unsettling part.
On Midnight, absence can be the artifact.
No rejected state transition. No public failure event. No neat on-chain scar saying: here, this is where the attempt died. The ledger only knows what reaches verification. Contract calls are defined around verifier keys and transaction checks once they are actually in that pipeline.
So when a Midnight action fails before the network can even recognize it as an action, the chain stays clean.
And the mistake?
It stays with whoever was closest to the witness when it broke.