MICE
MICE is The Future Standard of Security Auditing. We want to protect companies' money and reputation.And also the hacker's hard work.
Project Description
Mice is a Smart Contract that is a trusted entity between 2 user roles: companies and hackers.
Mice has an interface allowing users to connect their metamask wallet. Companies Creates an audit bounty, and the hacker registers.
The company create a bounty and hacker Hacker stakes money to resgister to the bounty.
The company requests a security audit and the hacker register in the security bounty. The smart contract verifies the hackers claims, gives reward if the verification is successful and penaly if the verification failed and unstakes hacker’s assets if Hackers annouces that they found no vulnerability.
In case of failed verification, the assets will be slashed as a penalty, we took our inspiration from EthGlobal method :)
The smart contract allows companies to verify Hackers’ claims without storing any data on-chain.
How it's Made
In this Project we used Starship as a DNS registrar to register mice.sh and CloudFlare for DNS managment. We used StoneName API to create ENS addresses for users (Companies).
This project's smart contract is developed with Solidity and Hardhat framework and deployed on Linea. We used Nethermind for Security measures, test coverage and static analysis with slither.
In this Project we used Zerion API to get the Hackers' wallet balance as a background check (We can get more data).
In order to Verify that the hacker have the claimed data (private key or confidential document), the smart contract asks the hacker to sign company's message with private key and encrpt it with public key. If it's a document, then, both the hacker and company hash a part of document decided by the company. The hash is calculated locally for each user using bCrypt. Then the smart contract compares the 2 hashes.
We implemented this logic for demo purposes, we are privacy first at Mice, we want to implement MPZ an implementation of MPC by TLSNotary. Or a ZK-proof mechanism or FHE implementation.
At this stage, we succeeded in implementing:
- ENS translation with NameStone
- Wallet information with Zerion
- Smart Contract on Linea | Metamask
- Smart Contract tests with Nethermind
Work in Progress:
- Fuzzing and Forta bots test with Nethermind
- Frontend-Backend integration
- ENS integration in Frontend
- Zerion integration in Frontend
Our Demo would be many separated pieces, so we decided to submit our work in progress instead of a video Demo.
We believe in this project, we think It is solving a real pain point for both companies and hackers..
