DEV Community

Egold
Egold

Posted on

zk.egold.dev — ZK Exploit Disclosure Protocol on Ethereum

Smart contract bugs cost billions. In 2023 alone, over $1.8B was lost
to exploits.
The problem? No standardized way for security researchers
to disclose vulnerabilities and get rewarded fairly.

zk.egold.dev solves this with a trustless ZK Exploit Disclosure
Protocol on Ethereum.

The Problem with Bug Bounties Today

  • Researchers disclose vulnerability → company ghosts them
  • No proof the researcher found it first
  • Payment disputes with no on-chain record
  • Centralized platforms take huge cuts

How zk.egold.dev Works

Step 1 — Commit
Researcher hashes the exploit details off-chain:
commitment = keccak256(exploitDetails + secret)
Submit commitment on-chain — timestamp proves discovery date.

Step 2 — Escrow
Protocol owner locks bounty in smart contract escrow.
Funds are trustlessly held — neither party can rug.

Step 3 — Reveal
Researcher reveals exploit details + secret.
ZK proof verifies commitment matches reveal — without exposing
details prematurely.

Step 4 — Payout
Smart contract releases escrow automatically upon valid proof.
Full audit trail on-chain. No disputes. No middlemen.

Zero-Knowledge Privacy

The ZK circuit guarantees:

  • Researcher proves knowledge WITHOUT revealing the exploit
  • Commitment is binding — cannot be faked retroactively
  • Payout is automatic — no human can block it

Live Deployment

🌐 Platform: https://zk.egold.dev
📦 GitHub: https://github.com/ar1as1/zkbounty
🔗 Network: Ethereum Sepolia Testnet

For Security Researchers

If you find a vulnerability in any Web3 protocol:

  1. Generate your commitment locally
  2. Submit on-chain — your timestamp is proof
  3. Negotiate bounty with protocol owner
  4. Reveal and get paid — trustlessly

No more getting ghosted. No more payment disputes.
The protocol enforces fairness mathematically.


Built with Circom, Groth16, Solidity, React, and Foundry.


 *.

Top comments (2)

Collapse
 
hiren-kava profile image
Hiren Kava

Interesting design—this is essentially a commit–reveal bounty escrow system with ZK used to separate “proof of knowledge” from premature disclosure. In practice, the hardest part won’t be the Groth16 verification, but the social and economic layer: defining what counts as a valid exploit without opening it to ambiguous disputes or gaming around partial disclosures.

Collapse
 
ar1as1 profile image
Egold

yeah right actualy im still find out to solve....