Smart contract bugs cost billions. In 2023 alone, over $1.8B was lost
to exploits. The problem? No standardized way for security researchers
to disclose vulnerabilities and get rewarded fairly.
zk.egold.dev solves this with a trustless ZK Exploit Disclosure
Protocol on Ethereum.
The Problem with Bug Bounties Today
- Researchers disclose vulnerability → company ghosts them
- No proof the researcher found it first
- Payment disputes with no on-chain record
- Centralized platforms take huge cuts
How zk.egold.dev Works
Step 1 — Commit
Researcher hashes the exploit details together with a secret off-chain (+ denotes byte concatenation):
commitment = keccak256(exploitDetails + secret)
Submit the commitment on-chain — the block timestamp proves the discovery date.
Step 2 — Escrow
Protocol owner locks bounty in smart contract escrow.
Funds are trustlessly held — neither party can rug.
Step 3 — Reveal
Researcher reveals exploit details + secret.
A ZK proof verifies that the reveal matches the commitment — without exposing
the details prematurely.
Step 4 — Payout
Smart contract releases escrow automatically upon valid proof.
Full audit trail on-chain. No disputes. No middlemen.
Zero-Knowledge Privacy
The ZK circuit guarantees:
- Researcher proves knowledge WITHOUT revealing the exploit
- Commitment is binding — cannot be faked retroactively
- Payout is automatic — no human can block it
Live Deployment
🌐 Platform: https://zk.egold.dev
📦 GitHub: https://github.com/ar1as1/zkbounty
🔗 Network: Ethereum Sepolia Testnet
For Security Researchers
If you find a vulnerability in any Web3 protocol:
- Generate your commitment locally
- Submit on-chain — your timestamp is proof
- Negotiate bounty with protocol owner
- Reveal and get paid — trustlessly
No more getting ghosted. No more payment disputes.
The protocol enforces fairness mathematically.
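The commit, escrow, reveal and payout steps described under "How zk.egold.dev Works", and the same flow from the researcher's side in the checklist above, are modelled below as an added Python example. It is not code from zk.egold.dev or the zkbounty repository: it simulates the contract state machine so the rejection paths (reveal before escrow, wrong secret, duplicate commitment, double payout) can be exercised offline. Assumptions: `hashlib.sha3_256` stands in for Ethereum's keccak256 (same sponge, different padding, so digests differ from on-chain values), a block counter stands in for the chain timestamp, and the names `BountyLedger`, `make_commitment` and `keccak256_stand_in` are hypothetical.

```python
# Added example: a Python model of the commit / escrow / reveal / payout flow.
# Not zk.egold.dev or zkbounty code; it simulates the contract state machine.
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional


def keccak256_stand_in(data: bytes) -> bytes:
    """ASSUMPTION: hashlib.sha3_256 stands in for Ethereum's keccak256.

    Both are Keccak sponges but use different padding, so digests here do
    not equal on-chain keccak256 values; the protocol logic is unaffected.
    """
    return hashlib.sha3_256(data).digest()


def make_commitment(exploit_details: bytes, secret: bytes) -> bytes:
    """Step 1: commitment = H(exploitDetails || secret).

    The secret must be high-entropy (32 random bytes): it blinds the hash so
    nobody can confirm a guessed report against the public commitment.
    """
    if len(secret) < 32:
        raise ValueError("secret must be at least 32 bytes of randomness")
    return keccak256_stand_in(exploit_details + secret)


@dataclass
class Bounty:
    researcher: str
    committed_at: int          # block number stands in for the chain timestamp
    owner: Optional[str] = None
    escrow: int = 0
    paid: bool = False


class BountyLedger:
    """Simulated on-chain state: commitments keyed by hash, plus balances."""

    def __init__(self) -> None:
        self.bounties: Dict[bytes, Bounty] = {}
        self.balances: Dict[str, int] = {}
        self.block = 0

    def _tick(self) -> int:
        self.block += 1
        return self.block

    def commit(self, researcher: str, commitment: bytes) -> int:
        """Step 1 (on-chain half): record the commitment; the first submitter keeps the timestamp."""
        block = self._tick()
        if commitment in self.bounties:
            raise ValueError("commitment already recorded")
        self.bounties[commitment] = Bounty(researcher, block)
        return block

    def fund(self, owner: str, commitment: bytes, amount: int) -> None:
        """Step 2: the protocol owner locks the bounty against one specific commitment."""
        self._tick()
        bounty = self.bounties[commitment]
        if bounty.owner is not None:
            raise ValueError("escrow already locked")
        if amount <= 0:
            raise ValueError("escrow must be positive")
        bounty.owner, bounty.escrow = owner, amount

    def reveal(self, commitment: bytes, exploit_details: bytes, secret: bytes) -> int:
        """Steps 3 and 4: verify the reveal and release escrow in one transaction.

        Here the contract re-derives the hash; in the real protocol a ZK proof
        of preimage knowledge replaces this check so the details stay private.
        """
        self._tick()
        bounty = self.bounties[commitment]
        if bounty.owner is None:
            raise ValueError("no escrow locked for this commitment")
        if bounty.paid:
            raise ValueError("escrow already paid out")
        if make_commitment(exploit_details, secret) != commitment:
            raise ValueError("reveal does not match commitment")   # binding check
        bounty.paid = True
        self.balances[bounty.researcher] = self.balances.get(bounty.researcher, 0) + bounty.escrow
        return bounty.escrow


if __name__ == "__main__":
    # Constructed sample run: the report text and secret are illustrative only.
    ledger = BountyLedger()
    details = b"constructed sample: unchecked external call in withdraw()"
    secret = bytes(range(32))   # fixed for reproducibility; use os.urandom(32) in practice
    commitment = make_commitment(details, secret)
    print("committed at block", ledger.commit("researcher", commitment))
    ledger.fund("protocol-owner", commitment, 1_000)
    print("paid out", ledger.reveal(commitment, details, secret))
```

Two points the model makes visible: the commitment only proves priority, so the secret must be unguessable or a third party could confirm a guessed report against the public hash; and in this plain commit-reveal the details become public at reveal time, which is exactly the gap the protocol's ZK proof of preimage knowledge is meant to close.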
Built with Circom, Groth16, Solidity, React, and Foundry.