HackRx

Security-critical communication among Ethereum protocol participants continues to use traditional Web2-centric platforms such as Twitter/X, Discord and Telegram, which are not: onchain, transparent, open-source, decentralized, censorship-resistant or privacy-sensitive. All top-ten REKT leaderboard exploits (https://rekt.news/leaderboard/), which amount to billions of dollars in losses, were announced on Twitter! We need a web3-native alternative that addresses all these fundamental shortcomings. To onboard the next billion users, the Ethereum community deserves both much better security and a dedicated onchain channel for its communications.

HackRx is the onchain "Ethereum Security Channel" (ESC) for security-critical communication among protocol participants. Protocols register with HackRx to notify their participants about security-critical information, which includes risk-mitigation measures pre-hack and loss-mitigation measures post-hack. Ethereum users register with HackRx to receive authoritative security-critical notifications from all the protocols they are interested in or with which they interact. HackRx is thus a prescription from protocol & security experts for Ethereum security incidents analogous to Rx which is a prescription from medical experts for health security issues. All messages on HackRx are stored onchain in a transparent, decentralized and censorship-resistant manner, thus making it a permissionless onchain "Ethereum Security Channel" (ESC) for security-critical communication among protocol participants.

Links

• https://github.com/0xRajeev/hackrx
• https://docs.google.com/presentation/d/10W0vmg3SlAAWnqKDM-ndzN9F-t8iBeRnrW_VnG3Ni4A/edit?usp=sharing

We spent most of our time building out the project idea by motivating it with different protocol participants at EthIndia i.e. guaging the "product-market fit." While the core premise resonated with everyone, we were challenged with justifying the reasons why the scope should be limited to security-critical notifications and not all communications. Given that the core thesis of Ethereum is to provide a trust-minimized coordination mechanism and settlement layer, we believe a security-centric solution such as HackRx is paramount to delivering on that promise.

The second challenge was to decide on the overall architecture, design goals and implementation specifics. Every idea should think big but start small, especially in a hackathon. So we built a simple strawman PoC to demonstrate, mostly to ourselves :), that the smart contract flows work and can be integrated with Push Protocol, which is one of EthIndia2023's sponsor partners. We evaluated why and how this could be integrated with other decentralized messaging and storage services such as Waku and IPFS, but we ran out of time.

Finally, we ran into the challenge of integrating with Push Protocol, but with guidance and encouragement from their team, we managed to hack a basic flow together.