DAO leaks

Problem Statement

DaoLeaks: Anonymous DAO Messaging PlatformProduct DescriptionDaoLeaks is a decentralized platform that enables anonymous messaging for DAO members and token holders. Users can post messages while proving their voting power eligibility through zero-knowledge proofs, maintaining privacy without revealing their identity or exact token holdings.Core FunctionalityAnonymous Messaging: Token holders can share opinions, feedback, and governance insights without exposing their wallet addresses. Messages are categorized by voting power tiers (>1k, >10k, >50k tokens) to provide context while preserving anonymity.Zero-Knowledge Verification: The system uses cryptographic proofs to verify that users meet minimum token requirements without revealing their actual balances or identities. This prevents spam while maintaining privacy.Gasless Operation: Users don't pay transaction fees. Messages are submitted through a relay service that handles blockchain interactions.Technical ImplementationArchitecture:Smart contracts on Base Sepolia for message storage and proof verificationNoir zero-knowledge circuits for privacy-preserving token balance verificationReact frontend with wallet integration and client-side proof generationEthereum storage proofs to verify token balances against blockchain statePrivacy Mechanism:User connects wallet and composes messageSystem generates storage proof of token balance from blockchainUser signs message with EIP-712 standardZero-knowledge proof is generated client-side proving signature ownership and sufficient voting powerMessage submitted anonymously via relay serviceSecurity Features: Message authenticity through cryptographic signatures, storage root validation for recent blockchain state, and EIP-712 domain separation for replay protection.Current StatusDeployed: Working smart contracts, complete zero-knowledge circuits, functional web interface with wallet integration, and operational relay system for gasless transactions.Use Cases: Anonymous feedback on governance proposals, whistleblowing on DAO issues, minority opinion expression, and honest discourse without social pressure.The platform addresses the need for private communication channels in token-based governance systems where public accountability can inhibit honest feedback and minority voices.

Solution

DaoLeaks: Technical ImplementationArchitecture OverviewDaoLeaks is built using a three-layer architecture combining zero-knowledge cryptography, smart contracts, and a React frontend to enable anonymous yet verifiable messaging for DAO members.Core ComponentsZero-Knowledge Circuit (Noir)Storage Proof Verification: Custom Noir circuits verify Ethereum storage proofs to confirm token balances without revealing exact amountsSignature Verification: ECDSA secp256k1 signature verification ensures message authenticity while maintaining anonymityMerkle Patricia Trie Implementation: Full implementation of Ethereum's storage trie verification including RLP decoding and node traversalMulti-depth Support: Circuits compiled for storage proof depths 1-20 to handle different blockchain storage structuresUltra Honk Backend: Uses Aztec's Ultra Honk proving system for efficient proof generation and verificationSmart Contract System (Solidity)Proof Verification: 20 separate Honk verifier contracts for different storage proof depthsMessage Storage: On-chain storage of anonymous messages with voting power tiers and timestampsEIP-712 Implementation: Structured message signing with domain separation for securityStorage Root Management: Oracle system for managing valid blockchain storage roots with time-based expirationVoting Power Tiers: Three-tier system (1k, 10k, 50k tokens) with configurable thresholdsFrontend Application (React/TypeScript)Wallet Integration: WalletConnect/AppKit for seamless wallet connectionsClient-side Proving: Browser-based zero-knowledge proof generation using WebAssembly, ensuring user data never leaves their deviceStorage Proof Generation: Direct RPC calls to fetch Ethereum storage proofs for user's token balanceSignature Utilities: EIP-712 message signing with proper domain parametersRelay Integration: Gasless transaction submission through API endpointsCryptographic FlowProof Generation Process:Storage Proof Fetching: Query blockchain RPC for storage proof of user's token balance at specific blockMessage Signing: Generate EIP-712 signature of message content using connected walletPublic Key Recovery: Extract public key from signature for circuit inputCircuit Execution:Verify storage proof against known storage rootVerify signature matches recovered public keyConfirm token balance meets minimum thresholdGenerate zero-knowledge proof of all constraints entirely in the user's browserOn-chain Verification: Smart contract verifies proof using precompiled Honk verifierPrivacy Guarantees:Identity Protection: Wallet address never included in public inputs or stored on-chainBalance Privacy: Only tier-level voting power revealed, not exact token amountsUnlinkability: No correlation possible between multiple messages from same userForward Secrecy: Historical messages remain anonymous even if identity later revealedClient-side Privacy: All sensitive computations happen locally in the browser, eliminating the need to trust external proving servicesSecurity ConsiderationsStorage Root Validation: Time-bounded storage roots prevent stale state attacksSignature Domain Separation: EIP-712 prevents cross-contract signature reuseProof Depth Validation: Circuit constraints prevent malicious storage proof manipulationRelay Protection: Server-side validation before blockchain submissionClient-side Proving: Eliminates need to trust external proving services and ensures maximum privacy `