A trustless war room for whitehats

Submit your proof of exploit to claim a bug bounty without disclosing details through ZKP

Sample PoCs and Proofs

01AnyswapExp.sol
Even though the project team actively advised users to revoke the approvals, the hacker still stole over 900 ETH by making calls of anySwapOutUnderlyingWithPermit.
VIEW SOURCE CODEVIEW SAMPLE PROOF
02SushiRouterExp.sol
03FuseProtocolExp.sol

How 0xHacked Works?

Partners

0xHacked
0xHacked
0xHacked
0xHacked
0xHacked

Frequently Asked Questions

0xHacked is a trustless war room for white hats. Here, the whitehats can submit proof of exploit to claim a bug bounty without disclosing details through the zero-knowledge proof. Our goal is to safeguard the interests of whitehats and ensure they receive deserved rewards for their findings and efforts. Additionally, we aim to foster dialogue rather than destruction, transforming the relationship between hackers and projects. We hope you enjoy your experience at 0xHacked.

Happy Hacking!

  1. Fork the state from the specific block number on the Ethereum mainnet, and treat it as the initial storage state.
  2. Deploy the PoC contract and initialize the contract (including deal function, similar to deal in Foundry).
  3. Invoke the contract in the zkVM to get proofs and record the state diffs.
  4. Check if the initial storage state is correct and calculate the token balance changes.
  5. Evaluate if there is an exploit in this contract according to the ZK proof, state diffs, and token balance changes.

We run an EVM inside the zkVM based on RISC Zero. Special thanks to the great team!

To launch a bug bounty program, you can reach out to us via Telegram, Twitter or Email.