HoneyPause

HoneyPause is a permissionless on-chain EXPLOIT bounty tied to a circuit breaker.

Built at ETHDenver 2024
Identity, Privacy + Security Track

The problem HoneyPause solves

After deploying, protocols operate at a severe security disadvantage. Hackers have infinite time and projects have limited tools for proactive protection. Currently the only real options are bug bounties, monitoring, and circuit breakers. Bug bounties discourage whitehats because they can involve contentious and arbitrary arbitration or KYC. Monitoring is often too late to catch an exploit. Circuit breakers have to be built into a protocol and increase the gas cost of user interactions. HoneyPause combines features from all of the alternatives to offer a novel tool to proactively secure smart contracts.

With HoneyPause, protocols register a bounty and provide three contracts: a Verifier, a Pauser, and a Payer. When a whitehat discovers a major exploit, they submit a claim transaction (along with the exploit contract) to the HoneyPause contract VIA PRIVATE MEMPOOL. In the transaction, the HoneyPause contract will actually:

  1. Run the exploit provided.
  2. Verify that the protocol has been exploited against its Verifier.
  3. Revert the call frame of the exploit to restore the protocol to a safe state.
  4. Call the Pauser to pause the protocol.
  5. Call the Payer to pay the whitehat the bounty.

This all happens atomically, permissionlessly, and in a non-custodial fashion!
For a sample claim TX trace: https://phalcon.blocksec.com/explorer/tx/sepolia/0x1c3685f4ff4f84441e18c208810cba3a384d872ee503695d075feaa7f091ddff
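
The five steps above can be sketched in Solidity as follows. This is an added example, not HoneyPause's own code: the interface names, function signatures and the `AtomicBountySketch` contract are assumptions chosen for illustration, and it handles a single bounty only.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical interfaces: names and signatures are assumptions made for this
// example, not HoneyPause's actual ABI.
interface IExploiter { function exploit() external; }
interface IVerifier  { function isExploited() external view returns (bool); }
interface IPauser    { function pause() external; }
interface IPayer     { function pay(address to) external; }

contract AtomicBountySketch {
    error SandboxResult(bool exploited);

    IVerifier public immutable verifier;
    IPauser public immutable pauser;
    IPayer public immutable payer;
    bool public claimed;

    constructor(IVerifier v, IPauser p, IPayer y) {
        verifier = v;
        pauser = p;
        payer = y;
    }

    function claim(IExploiter exploiter) external {
        require(!claimed, "already claimed");
        bool exploited;
        // Steps 1-3: the sandbox frame always reverts, undoing every state
        // change the exploit made; only the verdict survives, as revert data.
        try this.sandbox(exploiter) {
            revert("sandbox returned");
        } catch (bytes memory data) {
            // 4-byte selector + one 32-byte word holding the bool
            if (data.length == 36 && bytes4(data) == SandboxResult.selector) {
                assembly { exploited := eq(mload(add(data, 36)), 1) }
            }
        }
        require(exploited, "exploit not verified");
        claimed = true;        // one payout per bounty
        pauser.pause();        // step 4: protocol is paused in its pre-exploit state
        payer.pay(msg.sender); // step 5: bounty goes to the claimant
    }

    function sandbox(IExploiter exploiter) external {
        require(msg.sender == address(this), "self-call only");
        // Catch the exploit's own revert so it cannot bubble forged
        // SandboxResult(true) data up to claim().
        try exploiter.exploit() {} catch { revert SandboxResult(false); }
        revert SandboxResult(verifier.isExploited());
    }
}
```

If any step fails (the Verifier reports no exploit, or the Pauser or Payer reverts), the whole claim transaction reverts, which is what makes the flow atomic.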

Challenges we ran into

The only real challenge was believing that this hadn't been done before because the mechanism is so simple.
