Space and Time is the Microsoft-backed blockchain for ZK-proven data. Secured by Proof of SQL, the first sub-second ZK coprocessor.
The codebase is broken into several repos:
- sxt-node is a Substrate-based blockchain that is essentially a database, responsible for accepting data inserts and, at a high level, computing commitments of that data
- sxt-proof-of-sql is a protocol that enables cryptographic guarantees on SQL queries against a database
- sxt-node-op-contracts is a set of EVM smart contracts designed to work with sxt-node, in particular, responsible for staking
- sxt-zkpay-contracts is a set of EVM smart contracts that enable on chain payments
- sxt-token is a standard ERC20 token contract along with some simple related utility contracts
Prize distribution and scoring
- Total Prize Pool: $100,000
- The prize distribution has 4 possible triggers:
  - If no valid high and only medium severity findings are found, the total pot size is $10,000
  - If one high severity finding is found, the total pot size is $40,000
  - If two high severity findings are found, the total pot size is $70,000
  - If three high severity findings are found, the total pot size is $100,000
- Scoring is described in the competition scoring page.
Severity and Rewards
Vulnerabilities are classified using two factors: Impact and Likelihood. The combination of these factors determines the severity and guides the reward amount.
Likelihood \ Impact | High | Medium | Low |
---|---|---|---|
High | High | High | Medium |
Medium | High | Medium | Low |
Low | Medium | Low | Informational |
Impact Definitions:
- High Impact:
  - Loss of Core Protocol Funds: A vulnerability that could lead to a significant amount of protocol funds being stolen or lost via draining existing funds.
  - Breaks Core Functionality: Causes an irrecoverable failure in fundamental protocol operations.
- Medium Impact:
  - Breaks Non-Core Functionality: Causes a failure in protocol operations that isn’t essential to the operation of the overall protocol.
Likelihood Definition:
- High Likelihood
  - Issues that can be triggered by any user, without significant constraints and will generate outsized returns to the exploiter
Scope
- https://github.com/spaceandtimefdn/sxt-proof-of-sql/commit/9ee541635e29ef875b306150979cdba4aab997df
  - Files: solidity directory. The actual code is in src
- https://github.com/spaceandtimefdn/sxt-zkpay-contracts/commit/dfa2fcc3e2270c6d27b483afae407d57769a2a6c
  - Files: The entire repo. The actual code is in src
- https://github.com/spaceandtimefdn/sxt-node/commit/f5c0cc92b38004327f82f3e9807326f69a800bd3
  - Files: The entire repo
- https://github.com/spaceandtimefdn/sxt-node-op-contracts/commit/f2cb97f1dfeb7ac254faf364afab8306a23630b2
  - Files: The entire repo. The actual code is in src
- https://github.com/spaceandtimefdn/sxt-token/commit/78c2cb5a377bb203589b3fffd9779d4d317fca16
  - Files: The entire repo. The actual code is in src
Build Instructions:
Build instructions can be found below:
Basic POC Test
- POC must be provided upon request for this competition
Out of scope
- Cantina Review
- Pashov Security Review
- Hashlock Security Audit
- LightChaser Reports:
Contact Us
For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.
Summary
- Status: Live
- Total reward: $100,000
- Findings submitted: 23
- Start date: 2 May 2025 4:00pm (local time)
- End date: 22 May 2025 8:00pm (local time)