zk TRIPSTER
zk TRIPSTER stands for Time Release Incentive Platform for Security Threat Ethical Reporting.
Bug bounty programs in the DeFi space can be difficult to run and maintain, not always honored, and may not always offer sufficient compensation for white hats. This can decrease hackers’ motivation to report vulnerabilities, potentially leading to a less secure DeFi ecosystem.
zk TRIPSTER utilizes zkPoEX (zk proof of exploit) as a crucial element that enables ethical hackers to demonstrate the discovery of a vulnerability without immediately disclosing the specific details of the exploit. The main objective is to enhance communication and foster trustless collaboration between vulnerability researchers and DeFi application developers.
This project aims to create an end-to-end verifiable cryptographic infrastructure that facilitates coordinated vulnerability disclosure and contingent transactions for trading exploit information for monetary reward.
Team's submissions
The problem [zkTRIPSTER] solves
Bug bounty programs in the DeFi space can be hard to run and maintain, not always honored, and may not always offer sufficient compensation for white hats. This can lead to a lack of incentive for hackers to report vulnerabilities, which can ultimately result in a less secure DeFi ecosystem. Previous work laid down essential tools for proving vulnerabilities via ZK proofs.
Without conditional payment infrastructure, however, parties must rely on a trusted intermediary to exchange vulnerability information for a reward, which limits the usefulness of those tools.
From Vendors’ perspectives, it is often cheaper and easier to pay white hats to remain quiet and to drag out patching the vulnerability for as long as possible. All the while, black hats may find and exploit the vulnerability, taking advantage of Vendors’ slow response. Public vulnerability disclosure is the only effective way of keeping Vendors accountable and efficient in patching vulnerabilities.
Challenges you ran into
- Running the example code
- Dealing with limitations of zkvms
Technology used
Solidity, React, Node, zkProofs, SP1, RISC Zero VM, EVM, VIEM, Rust, CSS