FlexProver

A trustless proof-of-trading-performance protocol built on Flare's Confidential Compute (FCC) framework. It solves a real problem traders face: how do you prove your PnL to a prop firm, a fund, or your Twitter followers, without handing over your API key or trusting a screenshot?

The answer is a Trusted Execution Environment (TEE). The user encrypts their Binance read-only API credentials using the TEE's public key directly in the browser, the plaintext key never touches a server or the blockchain. They then choose what to prove: a specific futures position, their total account PnL, their spot balances, or their full user profile. That selection is also encrypted before going on-chain.

Inside the secure enclave, the TEE decrypts the credentials, calls Binance's authenticated API, extracts only the chosen metric, and signs the result with its own secp256k1 key. The signed attestation is published on-chain via BinanceAttestationStore, where anyone can verify it using ecrecover — the TEE hardware proves the code wasn't tampered with, and the open-source handler proves the data came from Binance.

The result is a permanent, shareable, cryptographically unfakeable proof. Not a screenshot. Not a trusted third party. Math.

FlexProver is built on Flare's Confidential Compute (FCC) — a TEE (Trusted Execution Environment) framework that lets us fetch and attest private data without ever exposing it. The flow: a user's exchange credentials (Binance/Bitget API keys) are ECIES-encrypted client-side with the TEE's public key, then sent on-chain via our InstructionSender.sol contract on Flare Coston2. A TEE node decrypts them inside a hardware enclave, hits the exchange API, computes portfolio growth or trade history, then signs the result with a secp256k1 key. The signed attestation is published on-chain in BinanceAttestationStore.sol, verifiable by anyone via ecrecover.

The frontend is Next.js + React with Reown AppKit for multi-chain wallet connection (EVM + Solana) and a custom SIWX (Sign-In With X) auth flow. For the proof-card export we layer html-to-image, jspdf, and html2canvas to produce shareable PNG/PDF attestation cards.

The hackiest part: the Next.js API route spawns Go CLI subprocesses (child_process.execFile) to talk to the TEE toolchain — reads the TX hash from stdout, then fetches the on-chain attestation. It works, but it's delightfully cursed for a production app.

Partner tech used: Flare FCC for TEE infrastructure + registry, Reown AppKit for wallet + SIWX auth, deployed on Flare Coston2 testnet.