Proof of Exploit
Generate zero-knowledge proofs of smart contract bugs
Created on 25th November 2023
The problem Proof of Exploit solves
Although there are bug bounty programs, we still see smart contract hacks. This causes innocent people to lose their hard-earned money.
One reason this happens is that the security researcher has to disclose the bug to the project team. If the project decides not to reward the security researcher, the researcher cannot do much, since they have already delivered their part of the deal. Because such incidents take place, the security researcher might think that instead of responsibly disclosing the bug, they should exploit the project.
This project aims to solve two problems:
- Enable the security researcher to keep their bug secret until the negotiation.
- Help project teams filter out spam by making it easy to verify reports.
Next, I want to work on a front-end to verify the proofs so that it is easier for the project teams to verify bug reports.
Challenges I ran into
- zkEVM proof verification was failing, and after days of debugging I found out there was a bug in the Rust codebase which caused non-deterministic verification key generation.
- The debug trace generated using Anvil had some errors, i.e. it did not contain storage values for some SLOAD values, and I am not sure why.
- It was so difficult to find a geth node, since I needed it to generate step traces.
- Also, I faced more issues related to Rust programming.
Tracks Applied (3)
User Security Tools
QuillAudits - Web3 Security 🛡️
Blockchain Forensics and Investigations Tools
BlockSec
Web3 Insurance & Risk Management
Polygon