Privacy-preserving developer reputation on Solana — Trustless scoring with ZK-SNARK verification, soulbound identity, and Helius-powered on-chain forensics.
ProofPass relies on 100% authentic, real-time data from Solana Devnet.
- If you connect a fresh/empty wallet, the app uses a baseline projection to ensure the UI remains fully functional and visual for testing purposes, while actively tracking and adding any new Devnet transactions you execute.
- Want the instant Elite Experience? Connect using our pre-configured Showcase Demo Wallet to see the fully populated 800+ tier Elite profile instantly.
- Built exclusively for the Developer Tooling / Infrastructure Track & the Helius Sponsor Bounty.
Developer verification in Web3 is fundamentally broken in three ways:
- Sybil Attacks — Airdrop farmers create 50 duplicate profiles to drain hackathon funding, bounties, and DAO grants
- The Doxing Dilemma — Elite developers refuse to prove their skills because it requires linking their highly-funded "whale" wallets to public profiles
- Borrowed Wallet Loophole — Current attestation protocols lack domain-bound nullifiers, meaning developers can buy or borrow "aged" dev wallets
ProofPass solves this with a fully on-chain, privacy-preserving developer reputation system:
| Problem | ProofPass Solution |
|---|---|
| Sybil Attacks | Helius-powered spam filtering removes dust, wash trades, and self-transfers |
| Doxing Dilemma | Groth16 ZK-SNARKs prove claims without revealing wallet or stats |
| Borrowed Wallets | On-chain activity analysis with freshness detection and domain-bound nullifiers (Phase 2) |
| Service | URL |
|---|---|
| Frontend | proofpass-zk.vercel.app |
| Backend API | proofpass-fnnh.onrender.com |
| Contract | Address |
|---|---|
proofpass_anchor |
4tHzoSdnEjy1pbSgWDaAMSUkkqg4Z9gSzfdmkjzjmJRe |
proofpass_identity |
HeWiebvk3exyrqj2BFfRgfJj4KgFCexQnZiCgBwyp1iH |
Network: Solana Devnet | RPC: Helius API
1. Connect Wallet → Phantom Wallet linked to ProofPass
2. Scan On-Chain → Helius API fetches enriched transaction history + NFTs
3. Filter Spam → 4-layer Sybil detection removes dust, self-transfers, wash trades
4. Calculate Score → Weighted algorithm: Deploys(5x) + NFTs(5x) + DAO(2x) + DeFi(1x)
5. Assign Badges → ZK-verifiable credentials based on on-chain activity
6. Generate ZK Proof → Circom 2.0 circuit + SnarkJS Groth16 → JSON proof
7. Share & Verify → Third party pastes proof → cryptographic pairing check → TRUE/FALSE
Developer Next.js Frontend Express Backend (Helius)
│ │ │
│── Connect Wallet ───────────►│ │
│ │── Fetch Transaction History ─►│
│ │ │── Query Helius API
│ │ │── Filter Spam (Sybil Guard)
│ │ │── Detect Hackathon NFTs (DAS)
│ │ │── Calculate On-Chain Score
│ │◄── Return Wallet Profile ─────│
│◄── View Dashboard ──────────│ │
│ │ │
│── "Generate ZK Proof" ──────►│ │
│ │── Request Groth16 Proof ─────►│
│ │ │── Load Circom WASM + zkey
│ │ │── SnarkJS fullProve()
│ │ │── Generate JSON Proof
│ │◄── Return ZK Proof JSON ──────│
│◄── Download / Share Link ───│ │
│ │ │
│ (Share JSON with Employer/DAO for Verification) │
│ │ │
Employer ──── Upload JSON ──────►│ │
│ │── SnarkJS verify() │
│ │── Groth16 Pairing Check: │
│ │ e(A,B) == e(α,β)·e(X,γ)·e(C,δ)
│◄── PROOF VERIFIED: TRUE ────│ │
graph TB
subgraph Client["🖥️ Client Layer"]
PW["🦊 Phantom Wallet"]
FE["⚛️ Next.js 14 Frontend"]
end
subgraph Backend["⚙️ Backend Layer"]
API["🚀 Express API Server"]
SF["🛡️ Spam Filter<br/>(Sybil Guard)"]
ZKE["🔐 ZK Engine<br/>(SnarkJS + Circom)"]
end
subgraph Helius["📡 Helius API"]
TX["📊 Enriched Transactions<br/>GET /addresses/{wallet}/transactions"]
DAS["🎨 DAS API<br/>POST getAssetsByOwner"]
end
subgraph Solana["⛓️ Solana Devnet"]
AP["📝 Anchor Program<br/>Identity State"]
RPC["🌐 Solana RPC"]
end
subgraph ZK["🔒 ZK Circuits"]
CC["📐 ProofCheck.circom"]
WASM["⚡ ProofCheck.wasm"]
ZKEY["🔑 ProofCheck_final.zkey"]
VK["✅ verification_key.json"]
end
PW -->|Connect| FE
FE -->|REST API| API
API -->|Fetch Txns| TX
API -->|Fetch NFTs| DAS
TX -->|Raw Data| SF
DAS -->|NFT Data| SF
SF -->|Clean Profile| ZKE
ZKE -->|Load Circuit| WASM
ZKE -->|Load Key| ZKEY
ZKE -->|Groth16 Proof| FE
FE -->|Verify| VK
API -->|Write Identity| AP
AP --- RPC
style Client fill:#1a1a2e,stroke:#00e87a,color:#fff
style Backend fill:#16213e,stroke:#3a9fff,color:#fff
style Helius fill:#0f3460,stroke:#f0a828,color:#fff
style Solana fill:#1a1a2e,stroke:#a855f7,color:#fff
style ZK fill:#16213e,stroke:#00e87a,color:#fff
- Generates a cryptographic proof using Circom 2.0 and SnarkJS
- Outputs a verifiable JSON
proofandpublic_signalswithout exposing raw numbers - Uses Groth16 proving system with BN254 pairing curves
- Private inputs (wallet, score, stats) are NEVER revealed to verifiers
- Fetches parsed transaction histories instantly via Helius enriched API
- Advanced spam filtering algorithm removes:
- Dust mints and micro-transfers
- Wash trading and self-transfers
- Repetitive same-program spam (>10 calls filtered)
- NFT analysis via Helius DAS API for hackathon badge detection
- On-chain identity recorded to Solana Anchor program
- Prevents users from transferring reputation scores to burner wallets
- Score tiers:
Beginner (0-299)→Contributor (300-599)→Builder (600-899)→Elite (900+)
- Third parties (employers, DAOs) verify ZK proofs instantly on the frontend
- No database required — pure cryptographic verification
- Shareable proof links with base64-encoded payloads
- Terminal-style verification animation with pairing check visualization
- Real-time on-chain score with animated progress bar
- Activity chart — weekly transaction history visualization
- Badge collection with earned/locked status
- Score breakdown by category (Deployments, NFTs, DAO, DeFi, Transactions)
| Badge Name | Criteria | Type |
|---|---|---|
| 🔧 Solana Developer | Deployed 1+ Programs via Helius API | ZK Verifiable |
| 🔐 ZK Developer | Interacted with ZK-related programs | ZK Verifiable |
| 🏆 Hackathon Winner | Holds recognized Hackathon NFTs | ZK Verifiable |
| 💎 DeFi User | 10+ interactions with SPL/DeFi protocols | ZK Verifiable |
| 🗳️ DAO Participant | 1+ governance votes detected | ZK Verifiable |
| ⚡ Power User | 500+ clean on-chain transactions | ZK Verifiable |
template ProofCheck() {
// Private input — actual value (NEVER revealed)
signal input value;
// Public input — minimum threshold to check against
signal input threshold;
// Output — 1 if value >= threshold, 0 otherwise
signal output is_valid;
signal diff;
diff <== value - threshold;
component lt = LessThan(32);
lt.in[0] <== threshold;
lt.in[1] <== value + 1;
is_valid <== lt.out;
}
component main {public [threshold]} = ProofCheck();| Proof Claim | Private Input | Public Input | Output |
|---|---|---|---|
programs_deployed >= 2 |
value = programs_deployed |
threshold = 2 |
is_valid = 1 |
hackathon_wins >= 1 |
value = hackathon_nfts |
threshold = 1 |
is_valid = 1 |
on_chain_score >= 500 |
value = on_chain_score |
threshold = 500 |
is_valid = 1 |
The private input (
value) is NEVER revealed. The verifier only learns TRUE or FALSE.
circuits/
├── ProofCheck.circom # Circuit definition
├── build/
│ ├── ProofCheck.wasm # Compiled WASM (for proof generation)
│ ├── ProofCheck_final.zkey # Proving key (Groth16)
│ └── verification_key.json # Verification key (public)
├── pot12_final.ptau # Powers of Tau ceremony file
└── setup_zk.js # Circuit compilation & key generation script
TIER 1 — Highest Signal (weight: 5x)
Program/Contract Deployments → +200 per deployment
Hackathon NFT Badges → +150 per badge
TIER 2 — Medium Signal (weight: 2x)
DAO Voting participation → +50 per vote
Unique programs interacted → +10 per unique program
TIER 3 — Low Signal (weight: 1x)
Active transactions → +30 per 100 txns
DeFi/SPL token interactions → +20 per interaction
| Category | Programs Monitored |
|---|---|
| Deploy Detection | BPFLoaderUpgradeab1e, BPFLoader2, BPFLoader1 |
| DAO Voting | SPL Governance, Marinade Gov, Squads, Tribeca |
| DeFi Protocols | Jupiter, Orca Whirlpool, Raydium, Mercurial, Saber |
| Hackathon NFTs | Colosseum, Superteam, Breakpoint, ETHGlobal, Encode |
0 — 299 │ Beginner │ ░░░░░░░░░░ │ New wallet, minimal activity
300 — 599 │ Contributor │ ████░░░░░░ │ Some deployments or NFTs
600 — 899 │ Builder │ ███████░░░ │ Active developer profile
900+ │ Elite │ ██████████ │ Full-stack on-chain builder
To prevent the "Borrowed Wallet Loophole" and integrate with mature ecosystems:
- Off-Chain Indexer — Aggregates public reputation sets (e.g., "Deployed Mainnet Program", "Integrated Jito/Helius")
- Private Inclusion — Developers privately prove wallet ownership within reputation sets via signatures and Merkle inclusion inside the Circom circuit
- Domain-Bound Nullifiers — Circuit outputs a hackathon-specific nullifier, mathematically guaranteeing the same developer cannot create 50 profiles for one event
- Freshness Windows & Liveness — Time-bound constraints ensure credentialed wallets weren't bought/sold
- Attestation Plugs — Verifiable outputs that plug directly into the Solana Attestation Service
| Layer | Technology |
|---|---|
| Frontend | Next.js 14, TypeScript, Brutalist UI, Web Audio API |
| Backend | Node.js, Express, TypeScript |
| Smart Contracts | Rust, Anchor Framework v0.30 |
| Cryptography | Circom 2.0, SnarkJS (Groth16), BN254 Curves |
| Blockchain | Solana Devnet |
| Data Indexing | Helius Enriched API, Helius DAS (NFTs) |
| Wallet | Phantom Wallet Adapter |
| Hosting | Vercel (Frontend), Render (Backend) |
ProofPass/
├── frontend/ # Next.js frontend
│ ├── app/
│ │ ├── page.tsx # Landing Page — Terminal Hero + Live Feed
│ │ ├── dashboard/ # Analytics Dashboard + ZK Proof Generator
│ │ │ └── [module]/ # Dynamic module pages
│ │ └── verify/ # Public ZK Verification Portal
│ ├── components/
│ │ ├── Navbar.tsx # Navigation bar + wallet connect
│ │ ├── ScoreCard.tsx # Animated score display + tier badge
│ │ ├── StatsCards.tsx # Stats grid (Deploys, NFTs, DAO, DeFi)
│ │ ├── ActivityChart.tsx # Weekly transaction activity chart
│ │ ├── ProofSelectionModal.tsx # ZK proof type selector
│ │ ├── ProofShareModal.tsx # Proof download + share link
│ │ ├── LiveProofFeed.tsx # Real-time proof generation feed
│ │ ├── BackgroundParticles.tsx # Canvas particle animation
│ │ ├── AudioEngine.tsx # Web Audio API sound effects
│ │ └── Sidebar.tsx # Dashboard sidebar navigation
│ └── public/
│ └── logos/ # Partner & tech logos
│
├── backend/ # Node.js Express API
│ ├── src/
│ │ ├── index.ts # Server entry + CORS config
│ │ ├── helpers/
│ │ │ ├── helius.ts # Helius API integration + scoring math
│ │ │ └── solana.ts # Solana RPC helpers + signature caching
│ │ └── routes/
│ │ ├── score.ts # POST /calculate-score — profile + badges
│ │ ├── proof.ts # POST /generate-proof — Groth16 via SnarkJS
│ │ ├── verify.ts # POST /verify-proof — pairing check
│ │ ├── profile.ts # POST /wallet-profile — raw stats
│ │ └── activity.ts # POST /activity-history — weekly chart data
│
├── circuits/ # Circom ZK circuits
│ ├── ProofCheck.circom # Main circuit: value >= threshold
│ ├── build/ # Compiled WASM + proving/verification keys
│ ├── pot12_final.ptau # Powers of Tau ceremony file
│ └── setup_zk.js # Circuit compilation script
│
├── proofpass_anchor/ # Anchor smart contracts (Rust)
│ └── programs/
│ └── proofpass_anchor/ # On-chain identity state program
│
└── anchor/ # Additional Anchor workspace
├── programs/ # Core identity program
└── tests/ # Contract tests
- Node.js 18+
- Rust & Cargo
- Solana CLI
- Phantom Wallet Extension — Install
cd backend
npm install
# Create .env with:
# HELIUS_API_KEY=your_helius_api_key
# SOLANA_CLUSTER=devnet
# PORT=3001
npm run dev
# → http://localhost:3001cd frontend
npm install
# Create .env with:
# NEXT_PUBLIC_BACKEND_URL=http://localhost:3001
# NEXT_PUBLIC_SOLANA_CLUSTER=devnet
# NEXT_PUBLIC_PROGRAM_ID=4tHzoSdnEjy1pbSgWDaAMSUkkqg4Z9gSzfdmkjzjmJRe
npm run dev
# → http://localhost:3000cd proofpass_anchor
anchor build
# Output: target/deploy/proofpass_anchor.socd circuits
node setup_zk.js
# Generates: ProofCheck.wasm, ProofCheck_final.zkey, verification_key.jsonProofPass uses two Helius API endpoints:
- Enriched Transactions —
GET /addresses/{wallet}/transactionsfor parsed transaction history - DAS API —
POST getAssetsByOwnerfor NFT collection and hackathon badge detection
Both endpoints include 5-minute server-side caching to reduce API load.
// 4-layer spam detection:
1. Failed/unknown transactions (fee === 0) → removed
2. Self-transfers (from === to) → removed
3. Token dust (amount < 0.001) → removed
4. Repetitive program calls (>10 per source) → removed// Backend uses SnarkJS fullProve():
const { proof, publicSignals } = await snarkjs.groth16.fullProve(
{ value: score, threshold: 500 }, // Private: score, Public: threshold
"circuits/build/ProofCheck.wasm", // Compiled circuit
"circuits/build/ProofCheck_final.zkey" // Proving key
);
// Returns: { pi_a, pi_b, pi_c, protocol: "groth16", curve: "bn128" }Circuit artifacts are resolved dynamically for both local dev and Render deployment:
const possiblePaths = [
path.join(__dirname, "../../../circuits/build"), // Local dev
path.join(__dirname, "../../circuits/build"), // Render production
];- Instant Fetching — Helius parsed transaction APIs make indexing developer history lightning fast
- Low Fees — Recording identity state on-chain costs fractions of a cent
- DAS API — Digital Asset Standard for comprehensive NFT analysis
- Thriving Dev Ecosystem — The perfect target audience for a developer reputation platform
- Groth16 Compatibility — BN254 curves supported natively for efficient ZK verification
MIT License — free to use, modify, and distribute.
Built with ❤️ on Solana for the decentralized future of developer identity.