-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Loading status checks…
Merge branch 'main' of https://github.com/nulltea/project-zero
Showing
20 changed files
with
2,636 additions
and
55 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,136 @@ | ||
// SPDX-License-Identifier: MIT | ||
pragma solidity ^0.8.20; | ||
|
||
import "@openzeppelin/contracts/token/ERC721/ERC721.sol"; | ||
|
||
/** | ||
* @title ProofOfExploitMarketplace | ||
* @dev A marketplace for white-hat hackers to sell proofs of exploits to | ||
* smart contract stakeholders. | ||
*/ | ||
contract ProofOfExploitMarketplace is ERC721 { | ||
|
||
struct Exploit { | ||
address creator; | ||
string description; | ||
uint256 keyHash; | ||
uint256 price; | ||
bool redeemed; | ||
Buyer buyer; | ||
} | ||
|
||
struct Buyer { | ||
uint256[2] publicKey; | ||
bool hasPurchased; | ||
} | ||
|
||
/// map of all exploits (which are also tokens) | ||
mapping(uint256 => Exploit) public exploits; | ||
|
||
/// map of buyer information | ||
mapping(address => Buyer) public buyers; | ||
|
||
/// keep track of our exploits (which are also tokens) | ||
uint256 public exploitCount; | ||
|
||
event ExploitPosted(uint256 indexed id, address indexed creator, uint256 price); | ||
event TokenPurchased(uint256 indexed id, address indexed buyer); | ||
event ExploitRedeemed(uint256 indexed id, address indexed buyer); | ||
|
||
constructor() | ||
ERC721("ProofOfExploitToken", "PET") | ||
{} | ||
|
||
/** | ||
* @notice Posts a new exploit to the marketplace. | ||
* @param description A description of the exploit. | ||
* @param price The price for the exploit. | ||
* @param keyHash The hash of the key of the encryption of the proof of the exploit. | ||
* @return The ID of the newly created exploit (token). | ||
*/ | ||
function postExploit( | ||
string calldata description, | ||
uint256 price, | ||
uint256 keyHash | ||
) external returns (uint256) { | ||
uint256 id = exploitCount; | ||
exploitCount++; | ||
|
||
exploits[id] = Exploit({ | ||
creator: msg.sender, | ||
description: description, | ||
price: price, | ||
redeemed: false, | ||
keyHash: keyHash, | ||
buyer: Buyer([uint256(0), uint256(0)], false) | ||
}); | ||
|
||
_mint(msg.sender, id); | ||
|
||
emit ExploitPosted(id, msg.sender, price); | ||
return id; | ||
} | ||
|
||
/** | ||
* @notice Purchases a token for a specific exploit. | ||
* @param exploitId The ID of the exploit to purchase. | ||
* @param publicKey The public key of the buyer. | ||
*/ | ||
function purchaseToken(uint256 exploitId, uint256[2] calldata publicKey) external payable { | ||
Exploit storage exploit = exploits[exploitId]; | ||
require(msg.value >= exploit.price, "Insufficient funds"); | ||
|
||
buyers[msg.sender] = Buyer({ | ||
publicKey: publicKey, | ||
hasPurchased: true | ||
}); | ||
|
||
_transfer(exploit.creator, msg.sender, exploitId); | ||
|
||
exploit.buyer = buyers[msg.sender]; | ||
|
||
emit TokenPurchased(exploitId, msg.sender); | ||
} | ||
|
||
/** | ||
* @notice Redeems an exploit by providing the encrypted key. | ||
* @param tokenId The ID of the token (exploit). | ||
* @param encryptedKey The encrypted key. | ||
*/ | ||
function redeemExploit(uint256 tokenId, uint256 encryptedKey) external { | ||
// make sure the exploit exists: | ||
require(tokenId >= 0 && tokenId < exploitCount, "Exploit does not exist"); | ||
Exploit storage exploit = exploits[tokenId]; | ||
require(exploit.creator == msg.sender, "Only the creator can redeem"); | ||
require(!exploit.redeemed, "Exploit already redeemed"); | ||
|
||
//require( | ||
// Verifier.verifyEncryptionProof(a, b, c, input), | ||
// 'DataMarketplaceCore/proof-invalid' | ||
//); | ||
|
||
exploit.redeemed = true; | ||
exploit.keyHash = encryptedKey; | ||
|
||
address buyer = ownerOf(tokenId); | ||
require(buyers[buyer].hasPurchased, "No buyer for this token"); | ||
|
||
payable(exploit.creator).transfer(exploit.price); | ||
|
||
emit ExploitRedeemed(tokenId, buyer); | ||
} | ||
|
||
/** | ||
* @notice Allows a token holder to retrieve the encrypted key for the exploit. | ||
* @param tokenId The ID of the token (exploit). | ||
* @return The encrypted key. | ||
*/ | ||
function getExploitKey(uint256 tokenId) external view returns (uint256) { | ||
require(ownerOf(tokenId) == msg.sender, "Only the owner can get the key"); | ||
|
||
Exploit storage exploit = exploits[tokenId]; | ||
require(exploit.redeemed, "Exploit not redeemed yet"); | ||
|
||
return exploit.keyHash; | ||
} | ||
} |
Large diffs are not rendered by default.
Oops, something went wrong.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
{ | ||
"name": "marketplace", | ||
"version": "1.0.0", | ||
"description": "", | ||
"main": "index.js", | ||
"scripts": { | ||
"test": "echo \"Error: no test specified\" && exit 1" | ||
}, | ||
"author": "", | ||
"license": "ISC", | ||
"dependencies": { | ||
"@openzeppelin/contracts": "^5.0.2", | ||
"viem": "^2.12.1" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
import { | ||
createPublicClient, | ||
createWalletClient, | ||
custom, | ||
http, | ||
toHex, | ||
parseAbiItem } from 'viem' | ||
import { sepolia } from 'viem/chains' | ||
|
||
import abi from '../data/PoEMarketplace_abi.json' | ||
|
||
const CONTRACT = process.env.CONTRACT_ADDRESS || '0x..' | ||
|
||
const publicClient = createPublicClient({ | ||
chain: sepolia, | ||
transport: http() | ||
}) | ||
|
||
const client = createWalletClient({ | ||
chain: sepolia, | ||
transport: custom((window as any).ethereum) | ||
}) | ||
|
||
export const [account] = await client.getAddresses() | ||
|
||
// generic function to write to the contract and return tx hash | ||
const writeContract = async (functionName:string, args: any[]) => { | ||
|
||
const { request } = await publicClient.simulateContract({ | ||
account, | ||
address: CONTRACT as `0x${string}`, | ||
abi: abi, | ||
functionName: functionName, | ||
args: args | ||
}) | ||
return await client.writeContract(request) | ||
} | ||
|
||
// watches for the TokenPurchased event emitted during the purchaseToken function call. | ||
// This will be used to trigger the redeem function call. | ||
export const unwatch = publicClient.watchEvent({ | ||
address: CONTRACT as `0x${string}`, | ||
event: parseAbiItem('event TokenPurchased(uint256 indexed id, address indexed buyer)'), | ||
// TO DO - call function with logs to derive public key https://viem.sh/docs/utilities/recoverPublicKey#recoverpublickey | ||
onLogs: logs => console.log(logs) | ||
}) | ||
|
||
// A White Hat Hacker can post an exploit to the marketplace | ||
export const postExploit = async (description:string, price:bigint, hash:bigint) => await writeContract('postExploit', [description, price, hash]) | ||
|
||
// A vendor can purchase the exploit token from the marketplace | ||
export const purchaseToken = async (tokenId:number, publicKey:bigint[]) => await writeContract('purchaseToken', [tokenId, publicKey]) | ||
|
||
// The White Hat Hacker uses the vendor's public key derived from the purchaseToken transaction to compute the proofs and receive the payment | ||
export const redeem = async (tokenId:number, key:bigint) => await writeContract('redeemExploit', [tokenId, key]) | ||
|
||
// Finally, the vendor can retrieve the shared key from the exploit token | ||
export const retrieveKey = async (tokenId:number) => publicClient.readContract({ | ||
address: CONTRACT as `0x${string}`, | ||
abi: abi, | ||
functionName: 'getExploitKey', | ||
args: [tokenId] | ||
}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
import dotenv from 'dotenv' | ||
import { GetStorageAtReturnType, createPublicClient, http, toHex } from 'viem' | ||
import { sepolia } from 'viem/chains' | ||
import fs from 'fs' | ||
|
||
const publicClient = createPublicClient({ | ||
chain: sepolia, | ||
transport: http() | ||
}) | ||
|
||
async function getStorageAtSlot(target:string, slot:number) { | ||
return await publicClient.getStorageAt({ | ||
address: '0xFBA3912Ca04dd458c843e2EE08967fC04f3579c2', | ||
slot: toHex(0) | ||
}) | ||
} | ||
|
||
async function fetchAndStoreContractState(target:string) { | ||
const slots = 100; // Number of storage slots to fetch. Adjust as needed. | ||
const state: GetStorageAtReturnType[] = []; | ||
|
||
for (let slot = 0; slot < slots; slot++) { | ||
const storage:GetStorageAtReturnType = await getStorageAtSlot(target, slot) | ||
if (storage) { | ||
state.push(storage); | ||
} | ||
} | ||
|
||
// Store the state in a JSON file | ||
fs.writeFileSync('contractState.json', JSON.stringify(state)); | ||
|
||
console.log('Contract state saved.'); | ||
} | ||
|
||
fetchAndStoreContractState('0x..'); |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
[workspace] | ||
exclude = ["zkpoex", "ecdh"] | ||
members = ["zkpoex-script", "ecdh-script","evm-runner"] | ||
members = ["zkpoex-script", "ecdh-script", "evm-runner"] | ||
resolver = "2" |
1,397 changes: 1,397 additions & 0 deletions
1,397
sp1_prover/contracts/src/fixtures/zkpoex_fixture.json
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
HÉf¯þ4Ò<`§-`õÅCS-HòÀÂ7Ò2yë | ||
ú0Hi·È7ïæ(çhbD{-]uvöÛ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
W<×.³±1ôL¡MIn^ì|aɧBMmçÍÆò¾¨²Uá¹ù?ÚÀv | ||
«;gÝ|Åî$GjÔÐ+ÄxÌÇ$-T2ÙµÔ3§ï¦À}ëÒjò«ýH(Íi:á÷îÜË&êVünó]÷·à|ìpÛûÓ_oÅ |
Binary file not shown.