Bit Bounty

Prove the bug. Claim the bounty. Developers stake ETH on their contracts; hunters submit proof for instant payouts, or escalate to an AI judge in a secure enclave. No middlemen.

Comment

Inspiration

On April 7, 2026, Anthropic unveiled Claude Mythos Preview, which autonomously discovered decades-old critical vulnerabilities overnight — including a 27-year-old OpenBSD RCE, a 16-year-old FFmpeg flaw, and a 17-year-old FreeBSD root exploit — and wrote 181 working Firefox exploits (vs. 2 for its predecessor).

Anthropic responded with Project Glasswing, committing $100M in credits to share Mythos with major defenders. But Glasswing is centralized, controlled by a single lab.

Since disputes often arise, where companies refuse to pay out bug bounties, we asked ourselves: Can we bring this process on-chain and make it process trustless? Any hunter, a verifiable AI arbiter, atomic payouts. Secondly, since the companies themselves would post the bounty, you are sure that they are fine with having their code picked apart and checked for bugs, which removes some of the legal risk for bounty hunters.

What It Does

Bit Bounty is a decentralized bug bounty platform where payouts are triggered by cryptographic proof, not human review.

Tier 1: On-Chain Invariant Verification

For deterministic bugs (reentrancy, overflow, access control), the developer can come up with "unit tests" which verify that a certain condition, called the "invariant". These unit test are published to the blockchain together with the reward the developer would like to put out for the bug. Bounty hunters can see these open contracts and submits exploits. Since the bug condition was exactly specified beforehand, submitted exploit can be objectively validated. A judging contract runs the exploit inside a self-call that always reverts. If the invariant is violated, the ETH reward is released to the hunter atomically in the same transaction. If the bug is not valid, nothing happens.

Tier 2: AI-Verified Logic Bugs

Not every vulnerability trips a measurable invariant. A reward calculation that silently truncates small stakers to zero is a real bug, but no on-chain rule catches it automatically. Tier 2 handles these logic bugs through an AI analysis agent.

A hunter submits the contract source, an exploit description, and before/after storage state snapshots via the frontend. The AI agent (a FastAPI service) analyzes the contract against its NatSpec documentation using Gemini, determines whether the observed behavior contradicts the documented intent, and returns a verdict with severity classification and a generated Foundry test for reproducibility. The prompt treats the hunter's claim as untrusted input to prevent prompt injection.

How We Built It

Layer Stack
Smart contracts Solidity 0.8.24 + Foundry
Tier 1 engine Fully on-chain snapshot-and-revert (BountyRegistry + IInvariantChecker + IExploit)
Tier 2 analysis FastAPI + Gemini API / Ollama (standalone AI agent)
Frontend React 19 + TypeScript + Vite + wagmi v2

Challenges We Ran Into

  • Local testnet deployment: Setting up the environment, with a local Anvil GoChain for testing took some time getting familiar with.
  • Prompt Injection Defense: We had to treat the hunter's report as adversarial input. We wrapped user content in clearly labeled, untrusted sections so the AI judge couldn't be "convinced" to approve a fake bug.
  • Exploit Bytecode Deployment: Getting the sandbox to correctly deploy hunter-submitted bytecode via CREATE, fund it, and call it within the always-reverting sub-call required careful EVM-level reasoning about call frames, state rollback, and revert data encoding.
  • Checker Generality vs. Specificity: Each challenge has different assets (ERC-20 tokens, ETH, NFTs) and different postconditions. We needed checkers that could deploy arbitrary exploit bytecode, fund it with the right assets, execute it, and then verify a challenge-specific invariant — all within a single reverted call frame.

Accomplishments We're Proud Of

  • Stateless Invariant Checking: Tier 1 verification runs in a self-call that always reverts. It acts as a sandbox where exploits are tested for validity but no permanent changes are made.
  • Three Working Challenges: Unstoppable (flash loan accounting), Truster (flash loan callback abuse), and Free Rider (NFT marketplace msg.value reuse + payment redirect) all work end-to-end — deploy, register bounty, submit exploit, verify invariant violation, receive payout. They are based on challenges from the training and CTF service "damnvulnerabledefi.xyz" and illustrate typical smart-contract vulnerabilities
  • Extensible Checker Pattern: Adding a new challenge requires only implementing IInvariantChecker with a postcondition check. The BountyRegistry handles all sandbox/payout logic. Hunters submit raw exploit bytecode that gets deployed and executed inside the sandbox.

What's Next for Bit Bounty

  • Confidential Exploit Storage (Oasis Sapphire): Deploy on Sapphire to encrypt exploit data so observers can't see the bug before the developer patches it. Same Solidity, just confidential state and inputs, which are encrypted only for the owner to see.
  • On-Chain AI Verdicts (ROFL + SGX): Move the AI agent into an Oasis ROFL app running inside an SGX enclave. Exploit data decrypted only inside the TEE, Gemini called 3x for consensus, verdict submitted on-chain via isAuthorizedOrigin() — fully trustless Tier 2.
  • Pre-Verified Bounties: Allow hunters to report bugs before any bounty exists. When a developer later creates a bounty for that contract, auto-pay the hunter immediately at deposit time.
  • Checker Templates: A library of standard IInvariantChecker implementations (ERC-20 supply conservation, ERC-721 ownership, DeFi pool reserve ratios) so developers don't have to write custom checker contracts.

Using Vercel App

Click Connect Wallet and select MetaMask Make sure MetaMask is on the Base Sepolia network You should see the bounties and be able to interact

Built With

+ 2 more
Share this project:

Updates