Reclaim protocol lets users export their user data from any website into a zk proof. We do this by using the TLS session keys and constructing a zkcircuit using the data exchanged.
This required implementing a TLS 1.3 JS library ourselves to make the required changes, and building encryption and decryption of data within the zkcircuit. The zkcircuit uses some clever tricks to reduce proof size and proving time.
What you'll work on
- Finding vulnerabilities in the AES/ChaCha20 implementation inside a zkcircuit
- Finding vulnerabilities in the TLS library implementation
Example projects
- Find a way to incorrectly prove you own a certain email address
- Construct a ciphertext that decrypts to the plaintext expected by the zkcircuit
You'd be a good fit if
- You enjoy reverse engineering and breaking stuff
- You have won security bug bounties on web3 projects
Interview process
- Share your bug bounties
- 2 technical interviews
- 1 get-to-know interview