Space and Time is the Microsoft-backed blockchain for ZK-proven data. Secured by Proof of SQL, the first sub-second ZK coprocessor.
The codebase is broken into several repos:
- sxt-node is a substrate based blockchain that essentially a database, responsible for accepting data inserts, and at a high level, computing commitments of that data
- sxt-proof-of-sql is a protocol that enables cryptographic guarantees on SQL queries against a database
- sxt-node-op-contracts is a set of EVM smart contracts designed to work with sxt-node, in particular, responsible for staking
- sxt-zkpay-contracts is a set of EVM smart contracts that enable on chain payments
- sxt-token is a standard ERC20 token contract along with some simple related utility contracts
Prize distribution and scoring
-
Total Prize Pool: $ 100,000
-
The prize distribution has 4 possible triggers:
- If no valid high and only medium severity findings are found, the total pot size is $10,000
- If one high severity finding is found, the total pot size is $40,000
- If two high severity findings are found, the total pot size is $70,000
- If three high severity findings are found, the total pot size is $100,000
-
Scoring described in the competition scoring page.
Severity and Rewards
Vulnerabilities are classified using two factors: Impact and Likelihood. The combination of these factors determines the severity and guides the reward amount.
| Likelihood \ Impact | High | Medium | Low |
|---|---|---|---|
| High | High | High | Medium |
| Medium | High | Medium | Low |
| Low | Medium | Low | Informational |
Please note these definitions exist on top of the current definitions
Impact Definitions:
-
High Impact:
- Loss of Core Protocol Funds: A vulnerability that could lead to a significant amount of protocol funds being stolen or lost via draining existing funds.
- Breaks Core Functionality: Causes an irrecoverable failure in fundamental protocol operations.
-
Medium Impact:
- Breaks Non-Core Functionality: Causes a failure in protocol operations that isn’t essential to the operation of the overall protocol.
Likelihood Definition:
- High Likelihood
- Issues that can be triggered by any user, without significant constraints and will generate outsized returns to the exploiter
Scope
- https://github.com/spaceandtimefdn/sxt-zkpay-contracts/commit/dfa2fcc3e2270c6d27b483afae407d57769a2a6c
- Files: The entire repo. The actual code is in src
- https://github.com/spaceandtimefdn/sxt-node/commit/f5c0cc92b38004327f82f3e9807326f69a800bd3
- Files: The entire repo
- https://github.com/spaceandtimefdn/sxt-node-op-contracts/commit/f2cb97f1dfeb7ac254faf364afab8306a23630b2
- Files: The entire repo. The actual code is in src
- https://github.com/spaceandtimefdn/sxt-token/commit/78c2cb5a377bb203589b3fffd9779d4d317fca16
- Files: The entire repo. The actual code is in src
Please note the following repo sxt-proof-of-sql will include some known issues by May 10th(tentative). Please wait for these updates on the page and these findings will not be considered valid and will be marked our of scope regardless of when they were submitted.
- https://github.com/spaceandtimefdn/sxt-proof-of-sql/commit/9ee541635e29ef875b306150979cdba4aab997df
- Files: solidity directory. The actual code is in src
Build Instructions:
Build instructions can be found below:
Basic POC Test
- POC must be provided upon request for this competition
Out of scope
- Cantina Review
- Pashov Security Review
- Hashlock Secuirt Audit
- LightChaser Reports:
Contact Us
For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.
Summary
Status
JudgingTotal reward:
$100,000
Findings submitted:
524
Start date:
2 May 2025 4:00pm (local time)
End date:
22 May 2025 8:00pm (local time)