Space and Time / SXT

Space and Time is the Microsoft-backed blockchain for ZK-proven data. Secured by Proof of SQL, the first sub-second ZK coprocessor.

The codebase is broken into several repos:

• sxt-node is a substrate based blockchain that essentially a database, responsible for accepting data inserts, and at a high level, computing commitments of that data
• sxt-proof-of-sql is a protocol that enables cryptographic guarantees on SQL queries against a database
• sxt-node-op-contracts is a set of EVM smart contracts designed to work with sxt-node, in particular, responsible for staking
• sxt-zkpay-contracts is a set of EVM smart contracts that enable on chain payments
• sxt-token is a standard ERC20 token contract along with some simple related utility contracts

Prize distribution and scoring

• Total Prize Pool: $ 100,000

• The prize distribution has 4 possible triggers:

  • If no valid high and only medium severity findings are found, the total pot size is $10,000
  • If one high severity finding is found, the total pot size is $40,000
  • If two high severity findings are found, the total pot size is $70,000
  • If three high severity findings are found, the total pot size is $100,000

• Scoring described in the competition scoring page.

Severity and Rewards

Vulnerabilities are classified using two factors: Impact and Likelihood. The combination of these factors determines the severity and guides the reward amount.

Impact Definitions:

• High Impact:

  • Loss of Core Protocol Funds: A vulnerability that could lead to a significant amount of protocol funds being stolen or lost via draining existing funds.
  • Breaks Core Functionality: Causes an irrecoverable failure in fundamental protocol operations.

• Medium Impact:

  • Breaks Non-Core Functionality: Causes a failure in protocol operations that isn’t essential to the operation of the overall protocol.

Likelihood Definition:

• High Likelihood
  • Issues that can be triggered by any user, without significant constraints and will generate outsized returns to the exploiter

Scope

• https://github.com/spaceandtimefdn/sxt-proof-of-sql/commit/9ee541635e29ef875b306150979cdba4aab997df
  • Files: solidity directory. The actual code is in src
• https://github.com/spaceandtimefdn/sxt-zkpay-contracts/commit/dfa2fcc3e2270c6d27b483afae407d57769a2a6c
  • Files: The entire repo. The actual code is in src
• https://github.com/spaceandtimefdn/sxt-node/commit/f5c0cc92b38004327f82f3e9807326f69a800bd3
  • Files: The entire repo
• https://github.com/spaceandtimefdn/sxt-node-op-contracts/commit/f2cb97f1dfeb7ac254faf364afab8306a23630b2
  • Files: The entire repo. The actual code is in src
• https://github.com/spaceandtimefdn/sxt-token/commit/78c2cb5a377bb203589b3fffd9779d4d317fca16
  • Files: The entire repo. The actual code is in src

Build Instructions:

Build instructions can be found below:

• Substrate
• Contracts
• Proof of SQL

Basic POC Test

• POC must be provided upon request for this competition

Out of scope

• Cantina Review
  • https://cantina.xyz/code/3cc30b66-1cba-4044-968f-a0817cd7bf83/audits/report-cantinacode-sxt-node.pdf
• Pashov Security Review
  • https://cantina.xyz/code/3cc30b66-1cba-4044-968f-a0817cd7bf83/audits/SXT-security-review_2025-03-31.pdf
• Hashlock Secuirt Audit
  • https://cantina.xyz/code/3cc30b66-1cba-4044-968f-a0817cd7bf83/audits/Space%20and%20Time%20Smart%20Contract%20Audit%20Report%20-%20Preliminary%20Report%20v1.pdf
• LightChaser Reports:
  1. Node OP
  2. Proof of SQL
  3. Token
  4. ZKPay

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.