The problem [zkTRIPSTER] solves

+Bug bounty programs in the DeFi space can be hard to run and maintain, not always honored, and may not always offer sufficient compensation for white hats. This can lead to a lack of incentive for hackers to report vulnerabilities, which can ultimately result in a less secure DeFi ecosystem. Previous work had laid down essential tools for proving vulnerabilities via ZK proofs.

+Without the conditional payment infrastructure, however, parties must trust an inherently trusted intermediary to exchange vulnerability information for reward which limits their usefulness.

+From Vendors’ perspectives, it is often cheaper and easier to pay white hats to remain quiet and drag patch the vulnerability as long as possible. All the while, black hats may find and exploit the vulnerability, leveraging Vendors’ slow response act. Public vulnerability disclosure is the only effective way of keeping Vendors accountable and efficient in patching vulnerabilities.

Challenges you ran into

1. Running the example code
2. Dealing with limitations of zkvms

Technology used

Solidity React Node zkProofs SP1 risk 0 VM EVM VIEM Rust CSS