
TrustBytes

Empowering protocols to search for smart contract auditors who showcase their capabilities on chain. Built with on-chain storage via Tableland and verification of auditor competencies via Polygon ID.


Created At

ETHOnline 2023

Winner of

🏊 Tableland — Prize Pool

Project Description

The problem: Too many hacks are happening in web3 because of vulnerabilities in smart contracts. This is because developing smart contracts is complex. Security researchers and auditors have limited time to devote to their work, so issues cannot be found quickly. More auditors are urgently needed, but this is hard: auditors' competencies and credentials are hidden in the data silos of platforms, audit companies and CVs.

The solution: TrustBytes changes that! We want to unite the vulnerabilities auditors have found and their competencies on chain and give ownership of this data back to the auditors. We get the data from public platforms like Code4rena or Sherlock and allow users to claim and combine their profiles. The vulnerability findings will be updated regularly. With Polygon ID we allow auditors to prove their capabilities, as attested by audit companies, protocols, and platforms. An auditor can showcase the time he has available for booking, addressing a major pain point: waiting too long for smart contract audits.

Finally, we want to let protocols and projects search against these vulnerabilities and competencies and book an auditor or a group of auditors.

How it's Made

How we did it: The frontend is built in Next.js with Tailwind CSS and ethers.js. Our current solution has data from Code4rena, showcasing vulnerabilities. We enrich this data when an auditor signs in with his wallet: there he can add his name, bio and competencies and register. The data is saved on chain with Tableland. A protocol can search by competency and TrustScore. The results are shown on a summary page, and when a protocol clicks on a user, it sees a single-auditor page. On the backend we worked with Tableland: we can create a table and insert and update data on chain through the frontend.

In the last days we worked with Polygon ID: we installed an issuer node locally and were able to create a claim schema and query against this schema for the verifier. We planned the process as follows: 1) the issuer node publishes a claim that an auditor worked for the issuer with a competency; 2) the auditor can claim the verifiable credential and add it to his Polygon ID wallet; 3) when an auditor registers with our app, we ask for verification of the credential so that only true values can be added; 4) our smart contract checks the proof and, if it is valid, 5) adds the competencies to Tableland.
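The check planned in steps 3 to 5, sketched as an added example (not TrustBytes code and not the Polygon ID API): an Ed25519 signature from the issuer stands in for the zero-knowledge proof, and the issuer DID, wallet addresses and `competencies` table name are constructed placeholders.

```javascript
// Added example, not project code. An Ed25519 signature stands in for the
// Polygon ID zero-knowledge proof; names and addresses are placeholders.
const crypto = require('node:crypto');

// Constructed issuer (for example an audit company) with a throwaway key pair.
const issuer = crypto.generateKeyPairSync('ed25519');
const TRUSTED_ISSUERS = new Map([['did:example:audit-co', issuer.publicKey]]);

// Bytes covered by the signature: issuer, subject wallet and competency.
const encode = (c) => Buffer.from(JSON.stringify([c.issuer, c.subject.toLowerCase(), c.competency]));

// Step 1: the issuer attests that `subject` worked for it with `competency`.
function issueCredential(issuerDid, privateKey, subject, competency) {
  const claim = { issuer: issuerDid, subject, competency };
  const signature = crypto.sign(null, encode(claim), privateKey).toString('base64');
  return { ...claim, signature };
}

// Steps 3 to 5: verify before anything is written. Returns a parameterized
// statement for a hypothetical `competencies` table, or throws.
function registerCompetency(wallet, requested, cred) {
  const key = TRUSTED_ISSUERS.get(cred.issuer);
  if (!key) throw new Error('untrusted issuer');
  const sig = Buffer.from(cred.signature, 'base64');
  if (!crypto.verify(null, encode(cred), key, sig)) throw new Error('invalid signature');
  if (cred.subject.toLowerCase() !== wallet.toLowerCase())
    throw new Error('credential belongs to another wallet');
  if (cred.competency !== requested) throw new Error('competency not attested');
  return {
    sql: 'INSERT INTO competencies (auditor, competency, issuer) VALUES (?, ?, ?)',
    params: [wallet.toLowerCase(), requested, cred.issuer],
  };
}

// Wrapper that reports a rejection reason instead of throwing.
function tryRegister(wallet, requested, cred) {
  try { return { ok: true, stmt: registerCompetency(wallet, requested, cred) }; }
  catch (e) { return { ok: false, reason: e.message }; }
}

// Constructed sample data: two wallets and one credential issued to ALICE.
const ALICE = '0x' + 'a1'.repeat(20);
const MALLORY = '0x' + 'b2'.repeat(20);
const cred = issueCredential('did:example:audit-co', issuer.privateKey, ALICE, 'reentrancy');
```

Binding the credential to the registering wallet and to the exact competency requested is what keeps a valid credential from being replayed by another account or stretched to cover skills the issuer never attested.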

Next steps: First, we want to implement the Polygon ID process. Then we would like to implement the update mechanism for C4 and use other platforms like Sherlock. After that, an auditor should be able to claim several profiles from different platforms into one, allowing him to change the bio and competencies (with Polygon ID). At a later stage we want to add vulnerabilities an auditor found while working for audit companies as well. After a while we will add the possibility for projects to post audit jobs, with auditors applying alone or in groups.

@Tableland Team - studio team name: Trustbytes - dev addresses: 0xfecB9d747C05af0987B825d366d4600e710fB5e3, 0xe351A23BB54F4a7Ca10156eA9d82858C16D69E30
