In the last few years more than a billion dollars have been stolen from smart contracts (see the list of the biggest hacks on Rekt News). Classic bug bounty platforms (like Immunefi) address this problem by giving the hacker an economic incentive to report a vulnerability in exchange for a reward. But this is not very effective, because the hacker bears the risk that the project or the escrow will say "this is not a real vulnerability". That means a hacker will most probably exploit such a vulnerability next time instead of reporting it.
We propose to build a system where a hacker can prove formally and mathematically that they have found a bug.
All business logic of a user function (for example the function `transfer` in some pseudo-ERC20 token) is implemented as a ZK circuit. For example, if user Alice wants to send money to user Bob, Alice generates a zk proof which moves the state of the whole system from `state0` to `state1`. We call this proof a State Transition Proof.
Imagine that some hacker has found a vulnerability. He takes a historical state of the system `stateX` and applies some correct state transitions to it (for example transfers: Alice sends money to Bob and Bob sends money to Carol). He can then prove this sequence of transitions with the same State Transition Proof circuit that regular users Alice and Bob use. If the result of this manipulation is an `incorrectState` (for example, the money supply was increased), he can easily prove that with zk as well. The criteria and rules for `incorrectState` must be provided by the developers of the system and are part of the Hack Proof circuit. The public input of the Hack Proof should also be encrypted with the contract owner's public key, so that only the contract owner can understand where the problem is.
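To make the two proof relations concrete, here is an added example in plain Rust; it is not part of the project's circuits. It models the pseudo-ERC20 state, a `transfer` rule with a deliberately planted bug (an assumption made for the example), the developer-supplied `incorrectState` rule (the sum of all balances must equal the recorded total supply), and the Hack Proof relation: replay valid transitions from a historical `stateX` and check whether the rule is violated at the end. In the real system each of these functions would be a circuit constraint; the account names, balances and the bug are assumptions.

```rust
use std::collections::BTreeMap;

/// Toy account state of the pseudo-ERC20 token: balances plus the recorded
/// total supply. Layout assumed for this example, not the project's circuit.
#[derive(Clone, Debug, PartialEq)]
pub struct State {
    pub balances: BTreeMap<&'static str, u64>,
    pub total_supply: u64,
}

/// One user operation, i.e. the public inputs of one State Transition Proof.
#[derive(Clone, Copy, Debug)]
pub struct Transfer {
    pub from: &'static str,
    pub to: &'static str,
    pub amount: u64,
}

/// The business logic exactly as a regular user may apply it; this is the
/// relation the state-transition circuit would constrain. It carries a
/// planted bug (assumed): both balances are read before the debit is written,
/// so when `from == to` the credit overwrites the debit and tokens are minted.
pub fn apply_transfer(state: &State, t: Transfer) -> Result<State, &'static str> {
    let from_bal = *state.balances.get(t.from).ok_or("unknown sender")?;
    let to_bal = *state.balances.get(t.to).ok_or("unknown receiver")?;
    if from_bal < t.amount {
        return Err("insufficient balance");
    }
    let mut next = state.clone();
    next.balances.insert(t.from, from_bal - t.amount);
    next.balances.insert(t.to, to_bal + t.amount); // bug: stale `to_bal`
    Ok(next)
}

/// Developer-supplied rule for `incorrectState`: transfers must never change
/// the total amount of tokens in circulation.
pub fn is_incorrect_state(state: &State) -> bool {
    let sum: u64 = state.balances.values().sum();
    sum != state.total_supply
}

/// The relation a Hack Proof attests to: every step in `path` is a valid
/// business-logic transition starting from the historical `state_x`, and the
/// final state violates the developers' rule. Returns the reached incorrect
/// state (the witness), or None when the path proves nothing.
pub fn prove_hack(state_x: &State, path: &[Transfer]) -> Option<State> {
    let mut cur = state_x.clone();
    for &t in path {
        // A transition the business logic rejects is not a valid step.
        cur = apply_transfer(&cur, t).ok()?;
    }
    if is_incorrect_state(&cur) { Some(cur) } else { None }
}

/// Constructed sample state (assumed values).
pub fn genesis() -> State {
    let mut balances = BTreeMap::new();
    balances.insert("alice", 100);
    balances.insert("bob", 50);
    balances.insert("carol", 0);
    State { balances, total_supply: 150 }
}

fn main() {
    let state0 = genesis();
    // Honest path: Alice -> Bob, Bob -> Carol. No rule is violated.
    let honest = [
        Transfer { from: "alice", to: "bob", amount: 30 },
        Transfer { from: "bob", to: "carol", amount: 10 },
    ];
    println!("honest path yields hack witness: {:?}", prove_hack(&state0, &honest));
    // Attacker path: a self-transfer triggers the planted bug and mints 50 tokens.
    let attack = [Transfer { from: "bob", to: "bob", amount: 50 }];
    println!("attack path yields hack witness: {:?}", prove_hack(&state0, &attack));
}
```

The honest path returns `None`; the self-transfer path returns a state in which Bob holds 100 tokens against a total supply of 150, which is exactly the witness the hacker would submit (encrypted to the owner's key) with the Hack Proof.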
We have 2 main smart contract functions:
- `businessLogic`: the function users call to work with our pseudo-ERC20 token. Inside `businessLogic` we verify the State Transition Proof that a user supplies to transfer money.
- `proofOfHack`: the function that pays you the whole bounty in ETH if you provide a correct Hack Proof. This function pushes the red button and stops the smart contract until the owner recovers it.
We have a few secondary functions:
- `depositForBounty`
- `upgradeStateTransitionVerifier`, `upgradeHackVerifier`: upgradability functions for providing a new version of the zk circuits
- `recover`: restart the smart contract after an upgrade
- Main contract
- All circuits
- Automatically generated vk for the circuits (using solidity plonk verifier)
- Change the signature scheme from hash-based to Schnorr
- Add encryption of the public input using the contract owner's public key
- Multiple transactions in one Hack Proof
- Tooling for sending transactions
- Proof aggregation
- Some UI
- Real universal setup generated by AZTEC
- plonk: proving system with a universal trusted setup
- bellman_ce: fork of the original bellman with PLONK support
- franklin-crypto: gadget library for PLONK/Plookup
- solidity plonk verifier: Solidity PLONK verifier with lookup tables
- rescue-poseidon: Rescue and Poseidon algebraic hash circuit implementation
- hardhat: Ethereum contract toolkit
Build the circuits (install Rust and cargo first):

```sh
cd circuit
cargo build
```

Run the circuits:

```sh
cd circuit
cargo run
```

Generate the Solidity verification key contract from the verification key, and strip the hardhat console import from the generated file before copying it into the contracts directory:

```sh
cd circuit/solidity_plonk_verifier/
cargo build --release
./target/release/solidity_plonk_verifier --verification-key /tmp/create_account_vk_keccak.key
sed 's%import "hardhat/console.sol";% %g' ./hardhat/contracts/VerificationKey.sol > PATH_TO_SC/VerificationKey.sol
```

Compile the contracts:

```sh
cd contracts
npx hardhat compile
```

Deploy (install Node.js and hardhat first):

```sh
cd contracts
npx hardhat run scripts/deploy.js
```

And you will get the contract addresses.
TODO: make proper tooling for this