zkPoEX enables white hat hackers to report live vulnerabilities in smart contracts while maintaining the confidentiality of the exploit

Related tags

Command-line zkPoEX
Overview

zkPoEX

zkPoEX

zkPoEX (zk proof of exploit) is a Proof-of-Concept developed at ETH Denver Hackathon with the aim to facilitate communication and collaboration between security experts and teams in the decentralized finance (DeFi) space by enabling white hat hackers to report live vulnerabilities in smart contracts while maintaining the confidentiality of the exploit.

Problem

Bug bounty programs in the DeFi space can be hard to run and maintain, not always honored, and may not always offer sufficient compensation for white hats. This can lead to a lack of incentive for hackers to report vulnerabilities, which can ultimately result in a less secure DeFi ecosystem.

Solution

Our tooling allows auditors to safely generate a zero-knowledge proof of exploit without revealing the actual exploit. With zero-knowledge proofs, the auditor can prove that they know of a transaction that can produce an undesirable change of state in certain contracts, without revealing the specifics of the exploit.

Since the auditor is not giving away the exploit, the project is incentivized to work with the auditor to fix the vulnerability. This facilitates communication and collaboration between hackers and project owners for a more secure DeFi ecosystem.

zkPoEX

Technologies Used

The project utilizes the following technologies:

  • Risc0: A General Purpose Zero-Knowledge VM that allows to prove and verify any computation. The RISC Zero ZKVM is a verifiable computer that works like a real embedded RISC-V microprocessor, enabling programmers to write ZK proofs like they write any other code.
  • SputnikVM: A high-performance, modular virtual machine for executing Ethereum smart contracts.
  • Zero-Knowledge Proofs: A cryptographic technique that allows one party to prove to another party that a statement is true, without revealing any additional information beyond the fact that the statement is true.

Installation and Setup

To use the project, you will need to have the following installed on your system:

To test the evm :

$ just test-evm

To generate proof (and verify) :

$ just prove

Please note that this particular example requires at least 16gb of RAM and may take a long time depending on your hardware.

Acknowledgements:

We would like to thank Maciej Zieliński for providing an example in his blog post of how to run Solidity code inside SputnikVM inside Risc0. We would also like to thank Daniel Lumi for advising us in this project.

Contributing

Contributions to the project are welcome and encouraged. To contribute, fork the project on GitHub, make your changes, and submit a pull request.

Disclaimer

zkPoEX is provided "as is" without any warranties.

The purpose of zkPoEX is to promote responsible disclosure and encourage organizations to address security vulnerabilities in a timely and effective manner, thereby enhancing overall security.

The developers and maintainers of the Tool disclaim all liability for any damages, losses, or harm resulting from the use or misuse of the Tool.

For more information, read the Disclaimer

You might also like...
Coinlive is an interactive command line tool that displays live cryptocurrency prices.
Coinlive is an interactive command line tool that displays live cryptocurrency prices.

Coinlive is an interactive command line tool that displays live cryptocurrency prices. It can also display simple historical price charts.

Rust-advent - Learning Rust by solving advent of code challenges (Streaming live on Twitch every Monday)
Rust-advent - Learning Rust by solving advent of code challenges (Streaming live on Twitch every Monday)

Rust advent 🦀 🐚 Learning Rust by implementing solutions for Advent of Code problems. 🎥 HEY, we are live-streaming our attempts to solve the exercis

Open-source Rust framework for building event-driven live-trading & backtesting systems

Barter Barter is an open-source Rust framework for building event-driven live-trading & backtesting systems. Algorithmic trade with the peace of mind

glicol cli: cross-platform music live coding in terminal

glicol-cli What's this? It's a command line interface that you can use for music live coding with Glicol. It watches a file changes and then update th

Demo Repo for BSides 2024 Live Training: "Blue Crab Shells: Getting Started with Offensive Rust Programming"

Blue Crab Shells: Getting Started with Offensive Rust Programming This repository contains example code for the live training provided for BSides San

A simple CLI I made while practicing rust to easily make QR codes with just one command, all in your terminal.
A simple CLI I made while practicing rust to easily make QR codes with just one command, all in your terminal.

Welcome to rust-qrcode-cli 👋 A CLI I made while practicing rust to easily make QR codes with just one command, all in your terminal. Install git clon

Firefox used to have this feature a while back (from Firefox 11 to 46) and it is so good, that I feel it needs revival.
Firefox used to have this feature a while back (from Firefox 11 to 46) and it is so good, that I feel it needs revival.

3D WebPage Inspector By: Seanpm2001, Et; Al. Top README.md Read this article in a different language Sorted by: A-Z Sorting options unavailable ( af A

🍅 A command-line tool to get and set values in toml files while preserving comments and formatting

tomato Get, set, and delete values in TOML files while preserving comments and formatting. That's it. That's the feature set. I wrote tomato to satisf

A lightweight async Web crawler in Rust, optimized for concurrent scraping while respecting `robots.txt` rules.

🕷️ crawly A lightweight and efficient web crawler in Rust, optimized for concurrent scraping while respecting robots.txt rules. 🚀 Features Concurren

Releases(v0.0.2-alpha)
Owner
zkoranges
zkoranges
For a hackers in rust.

My Leetcode Solution in Rust Run cargo run {id} to initialize the template submission file of "question #id". Run cargo test test_{id} to test the sol

World Best 6 Nov 2, 2023
⚡️ A blazing fast way of maintaining powerful notes with connections between them.

Zettl ⚡️ A blazing fast way of maintaining powerful notes with connections between them. Installing Zettl To install Zettl, you will need the Rust too

Tirth Jain 26 Dec 2, 2022
Authentication workaround for N-Central Report Manager

reportlinkfix Authentication workaround for N-Central Report Manager. Takes the link that N-Central creates for Report Manager and outputs a working l

501 Commons 1 Jan 31, 2022
Navigate in the world of ESP32 with easy. Tool for maintaining development environment.

ESP Helm Get all important information for Embedded Development with ESP32 and mainitain the development environment. Check out releases for binary ve

Juraj Michálek 4 Aug 7, 2023
A Rust crate for parsing HID Report Descriptors.

Project Mu HID Crate Repository This repository contains a library crate that provides parsing services for HID Report Descriptors. This repository is

Microsoft 3 Sep 25, 2023
A cross platform, rust implementation for the Tegra X1 bootROM exploit

Switcheroo A CLI and GUI for the RCM BootRom exploit (Fusée Gelée exploit for Nintendo Switch) Only works on unpatched Switches: https://ismyswitchpat

Ethan Budd 35 Nov 5, 2022
apache-shiro-exploit

郑重声明:文中所涉及的技术、思路和工具仅供以安全为目的的学习交流使用,任何人不得将其用于非法用途以及盈利等目的,否则后果自行承担。 使用方法 ➜ ~ shiro_exploit --help Usage: shiro_exploit [--key <key>] [-m <mode>] [-t <t

EMOCAT 27 Jan 8, 2023
Write your own exploit for $CASH

Cashio Exploit Workshop The Cashio hack was one of the biggest hacks occurred in Solana ecosystem which allowed the attacker to print infinite amount

Narya.ai 21 Mar 22, 2023
List public items (public API) of library crates. Enables diffing public API between releases.

cargo-public-items List public items (the public API) of a Rust library crate by analyzing the rustdoc JSON of the crate. Automatically builds the rus

Martin Nordholts 203 Dec 31, 2022
Platform that enables Windows driver development in Rust. Developed by Surface.

windows-drivers-rs This repo is a collection of Rust crates that enable developers to develop Windows Drivers in Rust. It is the intention to support

Microsoft 1.1k Oct 11, 2023