de77aa4b (main)
and
9e4486b9 (PR)
+43 -29
+14 -0
[
{
"title": "Honeypot Authority announcement",
"url": "https://medium.com/cartesi/cartesi-ecosystem-update-2023-124b384401cc#:~:text=Honeypot%20DApp%20on%20Mainnet",
"date": "2023-04-11T00:00:00Z",
"description": "Honeypot Authority first announced to the community.",
"type": "general"
},
{
"title": "Honeypot Authority launch",
"url": "https://x.com/cartesiproject/status/1706685141421047982",
"date": "2023-09-26T00:00:00Z",
"description": "Honeypot Authority launched on mainnet.",
"type": "general"
},
{
"title": "Permissionless Refereed Tournaments",
"url": "https://arxiv.org/abs/2212.12439",
"date": "2022-12-23T00:00:00Z",
"description": "PRT paper published on arxiv.",
"type": "general"
},
{
"title": "The Dave Algorithm",
"url": "https://youtu.be/dI_3neyXVl0",
"date": "2024-11-13T00:00:00Z",
"description": "Devcon 2024 presentation introducing the Dave algorithm.",
"type": "general"
},
{
"title": "Dave: decentralized, secure, lively fraud-proofs",
"url": "https://dl.acm.org/doi/10.1145/3734698",
"date": "2025-05-09T00:00:00Z",
"description": "Dave paper published on ACM DLT, a peer-reviewed journal.",
"type": "general"
},
{
"title": "Cartesi PRT Honeypot deployed on Ethereum",
"url": "https://etherscan.io/address/0x4c1e74ef88a75c24e49eddd9f70d82a94d19251c",
"date": "2025-06-09T00:00:00Z",
"description": "Cartesi PRT Honeypot deployed to Ethereum mainnet.",
"type": "general"
},
{
"title": "Cartesi PRT Honeypot reached a fail-stop state",
"url": "https://x.com/cartesiproject/status/1970902442259685855",
"date": "2025-09-24T00:00:00Z",
"description": "The chain is permanently frozen after the team managed to find a bug in the PRT contracts.",
"type": "incident"
},
{
"title": "Cartesi PRT Honeypot postmortem",
"url": "https://cartesi.io/blog/prt_honeypot_postmortem/",
"date": "2025-10-21T00:00:00Z",
"description": "Postmortem of the fail-stop incident.",
"type": "incident"
}
]+28 -28
{
"addresses": {
"ethereum": [
{
"name": "TopTournament",
"name": "Application",
"isVerified": true,
"address": "eth:0x09114973AE4bf3Af3896E4e541082C73f224F8Aa",
"address": "eth:0x4c1E74EF88a75C24e49eddD9f70D82A94D19251c",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Represents the entry point and highest level of a dispute in PRT. Disagreeing validators join this tournament to resolve conflicts over the entire computation trace through a bisection game.\n",
"description": "Main dApp contract that escrows assets and executes the verified results (outputs) from off-chain computation. It relies on the DaveConsensus contract to validate outputs before releasing assets or triggering on-chain actions. The immutable template hash of the dApp is `0x615acc9fb8ae058d0e45c0d12fa10e1a6c9e645222c6fd94dfeda194ee427c14`.\n* Roles:\n * **withdrawer**: Cartesi Multisig",
"discoveryDrivenData": true,
"url": "https://etherscan.io/address/eth:0x09114973AE4bf3Af3896E4e541082C73f224F8Aa#code"
"url": "https://etherscan.io/address/eth:0x4c1E74EF88a75C24e49eddD9f70D82A94D19251c#code"
},
{
"name": "BottomTournament",
"name": "DaveConsensus",
"isVerified": true,
"address": "eth:0x18256941eC7B661F9F46C228b74e775b581e63f8",
"address": "eth:0x6CE590b9F0697327f18c601DF6f0baE4a0801B68",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Referees the dispute over a single contested Cartesi machine step as the final stage of arbitration in a dispute. It calls the CartesiStateTransition contract to get a definitive on-chain ruling and identify the winner.\n",
"description": "Contract managing PRT fraud-proof tournaments, application epochs and input validation, as well as settlement and challenge periods. Dispute tournaments are started here and the final, verified computation result (as an `outputsMerkleRoot`) is recorded when they are resolved.\n",
"discoveryDrivenData": true,
"url": "https://etherscan.io/address/eth:0x18256941eC7B661F9F46C228b74e775b581e63f8#code"
"url": "https://etherscan.io/address/eth:0x6CE590b9F0697327f18c601DF6f0baE4a0801B68#code"
},
{
"name": "Application",
"name": "InputBox",
"isVerified": true,
"address": "eth:0x4c1E74EF88a75C24e49eddD9f70D82A94D19251c",
"address": "eth:0xc70074BDD26d8cF983Ca6A5b89b8db52D5850051",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Main dApp contract that escrows assets and executes the verified results (outputs) from off-chain computation. It relies on the DaveConsensus contract to validate outputs before releasing assets or triggering on-chain actions. The immutable template hash of the dApp is `0x615acc9fb8ae058d0e45c0d12fa10e1a6c9e645222c6fd94dfeda194ee427c14`.\n* Roles:\n * **withdrawer**: Cartesi Multisig",
"description": "Serves as both the canonical log for arbitrary dApp inputs and a portal for depositing assets (one possible type of input). It ensures data availability and that all off-chain participants process the same inputs in the same order.\n",
"discoveryDrivenData": true,
"url": "https://etherscan.io/address/eth:0x4c1E74EF88a75C24e49eddD9f70D82A94D19251c#code"
"url": "https://etherscan.io/address/eth:0xc70074BDD26d8cF983Ca6A5b89b8db52D5850051#code"
},
{
"name": "DaveConsensus",
"name": "TopTournament",
"isVerified": true,
"address": "eth:0x6CE590b9F0697327f18c601DF6f0baE4a0801B68",
"address": "eth:0x09114973AE4bf3Af3896E4e541082C73f224F8Aa",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Contract managing PRT fraud-proof tournaments, managing application epochs and input validation, as well as settlement and challenge periods. Dispute tournaments are started here and the final, verified computation result (as an `outputsMerkleRoot`) is recorded when they are resolved.\n",
"description": "Represents the entry point and highest level of a dispute in PRT. Disagreeing validators join this tournament to resolve conflicts over the entire computation trace through a bisection game.\n",
"discoveryDrivenData": true,
"url": "https://etherscan.io/address/eth:0x6CE590b9F0697327f18c601DF6f0baE4a0801B68#code"
"url": "https://etherscan.io/address/eth:0x09114973AE4bf3Af3896E4e541082C73f224F8Aa#code"
},
{
"name": "CartesiStateTransition",
"name": "BottomTournament",
"isVerified": true,
"address": "eth:0x772732EFbDE6559B2960327276ed33d707fF057f",
"address": "eth:0x18256941eC7B661F9F46C228b74e775b581e63f8",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Onchain verifier that can execute a single, disputed instruction of the Cartesi machine. It is the ultimate arbiter that BottomTournament calls to determine which party's claimed state transition is correct.\n",
"description": "Referees the dispute over a single contested Cartesi machine step as the final stage of arbitration in a dispute. It calls the CartesiStateTransition contract to get a definitive on-chain ruling and identify the winner.\n",
"discoveryDrivenData": true,
"url": "https://etherscan.io/address/eth:0x772732EFbDE6559B2960327276ed33d707fF057f#code"
"url": "https://etherscan.io/address/eth:0x18256941eC7B661F9F46C228b74e775b581e63f8#code"
},
{
"name": "MultiLevelTournamentFactory",
"name": "CartesiStateTransition",
"isVerified": true,
"address": "eth:0xA31C2aCfF3464658866960c0fBD3d798310272D7",
"address": "eth:0x772732EFbDE6559B2960327276ed33d707fF057f",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Responsible for creating and orchestrating the multi-stage dispute process. It instantiates the correct tournament contract (Top, Middle, or Bottom) depending on the current stage of the dispute game.\n",
"description": "Onchain verifier that can execute a single, disputed instruction of the Cartesi machine. It is the ultimate arbiter that BottomTournament calls to determine which party's claimed state transition is correct.\n",
"discoveryDrivenData": true,
"url": "https://etherscan.io/address/eth:0xA31C2aCfF3464658866960c0fBD3d798310272D7#code"
"url": "https://etherscan.io/address/eth:0x772732EFbDE6559B2960327276ed33d707fF057f#code"
},
{
"name": "InputBox",
"name": "MultiLevelTournamentFactory",
"isVerified": true,
"address": "eth:0xc70074BDD26d8cF983Ca6A5b89b8db52D5850051",
"address": "eth:0xA31C2aCfF3464658866960c0fBD3d798310272D7",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Serves as both the canonical log for arbitrary dApp inputs and a portal for depositing assets (one possible type of input). It ensures data availability and that all off-chain participants process the same inputs in the same order.\n",
"description": "Responsible for creating and orchestrating the multi-stage dispute process. It instantiates the correct tournament contract (Top, Middle, or Bottom) depending on the current stage of the dispute game.\n",
"discoveryDrivenData": true,
"url": "https://etherscan.io/address/eth:0xc70074BDD26d8cF983Ca6A5b89b8db52D5850051#code"
"url": "https://etherscan.io/address/eth:0xA31C2aCfF3464658866960c0fBD3d798310272D7#code"
},
{
"name": "ERC20Portal",
"isVerified": true,
"address": "eth:0xc700D6aDd016eECd59d989C028214Eaa0fCC0051",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Contract that allows anyone to perform transfers of ERC-20 tokens to Cartesi DApps.\n",
"discoveryDrivenData": true,
"url": "https://etherscan.io/address/eth:0xc700D6aDd016eECd59d989C028214Eaa0fCC0051#code"
},
{
"name": "CanonicalTournamentParametersProvider",
"isVerified": true,
"address": "eth:0xcC0a49320891Bf35bca834aF1045ab89Ecd44c0c",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Provides constant configuration data for the tournament system. It defines parameters like the number of levels (3), the minimum challenge period of ~7d, and the size of computation segments at each stage of a dispute.\n",
"discoveryDrivenData": true,
"url": "https://etherscan.io/address/eth:0xcC0a49320891Bf35bca834aF1045ab89Ecd44c0c#code"
},
{
"name": "MiddleTournament",
"isVerified": true,
"address": "eth:0xe49E4CB0Ab5c0E5792E762807329B420Cc4FF1AE",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Handles the intermediate stages of a dispute following the TopTournament targeting a more granular bisection game.\n",
"discoveryDrivenData": true,
"url": "https://etherscan.io/address/eth:0xe49E4CB0Ab5c0E5792E762807329B420Cc4FF1AE#code"
}
]
},
"escrows": [
{
"address": "0x4c1E74EF88a75C24e49eddD9f70D82A94D19251c",
"sinceTimestamp": 1749510467,
"tokens": "*",
"contract": {
"isVerified": true,
"address": "eth:0x4c1E74EF88a75C24e49eddD9f70D82A94D19251c",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Contract storing bounty funds.",
"url": "https://etherscan.io/address/0x4c1E74EF88a75C24e49eddD9f70D82A94D19251c#code"
},
"chain": "ethereum",
"includeInTotal": true,
"chainId": 1
}
],
"risks": []
}+1 -1
{
"baseTimestamp": 1750257587,
"baseTimestamp": 1763114428,
"contractsDiscoDriven": true,
"hasDiscoUi": true,
"isDiscoDriven": true,
"permissionsDiscoDriven": true
}[ADDED]
cartesi-prt-honeypot-v2
+718 -0
+1 -0
"cartesi-prt-honeypot-v2"+1 -0
"cartesi-prt-honeypot-v2"+1 -0
"Cartesi PRT Honeypot v2"+1 -0
"Honeypot v2"+1 -0
1762783269+3 -0
{
"unverifiedContracts": []
}+76 -0
{
"badges": [
{
"id": "AppChain",
"type": "VM",
"name": "Application-specific chain",
"description": "This project is built to operate a specific application",
"action": {
"type": "scalingFilter",
"id": "vm",
"value": "AppChain"
}
},
{
"id": "CartesiVM",
"type": "VM",
"name": "CartesiVM",
"description": "This project uses the Cartesi Machine to run its smart contracts and supports any programming language that can be ported to RISC-V architecture",
"action": {
"type": "scalingFilter",
"id": "vm",
"value": "CartesiVM"
}
},
{
"id": "EthereumCalldata",
"type": "DA",
"name": "Ethereum with calldata",
"description": "This project is posting its data to Ethereum as calldata",
"action": {
"type": "publicDaHighlight",
"slug": "ethereum"
}
},
{
"id": "Cartesi",
"type": "Stack",
"name": "Built on the Cartesi stack",
"description": "The project is built on the Cartesi stack",
"action": {
"type": "scalingFilter",
"id": "stack",
"value": "Cartesi Rollups"
}
}
],
"description": "Cartesi PRT Honeypot v2 is an application-specific Stage-2 rollup that stress-tests Cartesi Rollups’ security. Protected solely by Cartesi’s PRT (Permissionless Refereed Tournaments) fraud-proof algorithm, it turns its locked funds into an open bounty for anyone who can break the system. Users should not deposit unless they are willing to donate their funds to the Honeypot.",
"links": {
"websites": [
"https://cartesi.io/"
],
"documentation": [
"https://docs.cartesi.io/cartesi-rollups/",
"https://github.com/cartesi/honeypot/wiki/"
],
"explorers": [
"https://cartesiscan.io/",
"https://explorer.cartesi.io/"
],
"repositories": [
"https://github.com/cartesi/honeypot",
"https://github.com/cartesi/dave"
],
"socialMedia": [
"https://twitter.com/cartesiproject",
"https://discord.gg/G2tCH5KkcM",
"https://cartesi.io/blog/",
"https://reddit.com/r/cartesi/",
"https://youtube.com/@cartesiproject",
"https://t.me/cartesiproject",
"https://linkedin.com/company/cartesiproject",
"https://instagram.com/cartesiproject/",
"https://medium.com/cartesi"
]
}
}+1 -0
null+1 -0
null+30 -0
[
{
"title": "Permissionless Refereed Tournaments",
"url": "https://arxiv.org/abs/2212.12439",
"date": "2022-12-23T00:00:00Z",
"description": "PRT paper published on arxiv.",
"type": "general"
},
{
"title": "The Dave Algorithm",
"url": "https://youtu.be/dI_3neyXVl0",
"date": "2024-11-13T00:00:00Z",
"description": "Devcon 2024 presentation introducing the Dave algorithm.",
"type": "general"
},
{
"title": "Dave: decentralized, secure, lively fraud-proofs",
"url": "https://dl.acm.org/doi/10.1145/3734698",
"date": "2025-05-09T00:00:00Z",
"description": "Dave paper published on ACM DLT, a peer-reviewed journal.",
"type": "general"
},
{
"title": "Cartesi PRT Honeypot v2 deployed on Ethereum",
"url": "https://etherscan.io/address/0xfddf68726a28e418fa0c2a52c3134904a8c3e998",
"date": "2025-11-08T00:00:00Z",
"description": "Cartesi PRT Honeypot v2 deployed to Ethereum mainnet.",
"type": "general"
}
]+1 -0
null+23 -0
[
{
"address": "0xfDDF68726a28e418fA0c2a52c3134904a8c3e998",
"sinceTimestamp": 1762562699,
"tokens": "*",
"contract": {
"isVerified": true,
"address": "eth:0xfDDF68726a28e418fA0c2a52c3134904a8c3e998",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Contract storing bounty funds.",
"url": "https://etherscan.io/address/0xfDDF68726a28e418fA0c2a52c3134904a8c3e998#code"
},
"chain": "ethereum",
"includeInTotal": true,
"chainId": 1
}
]+1 -0
null+1 -0
null+1 -0
null+41 -0
{
"capability": "appchain",
"daLayer": [
"Ethereum"
],
"hostChain": {
"id": "ethereum",
"slug": "ethereum",
"name": "Ethereum"
},
"layer": "layer2",
"proofSystem": {
"type": "Optimistic",
"name": "Dave",
"challengeProtocol": "Interactive"
},
"purposes": [
"Bug bounty"
],
"scopeOfAssessment": {
"inScope": [
"Ability to deposit and withdraw CTSI by the permissioned address",
"L1 core contracts",
"Derivation logic spec",
"Permissioned Withdrawal logic in the offchain application"
],
"notInScope": [
"Published offchain Cartesi Machine source code",
"Cartesi Machine source code to onchain template hash mapping"
]
},
"stacks": [
"Cartesi Rollups"
],
"stage": "Stage 2",
"type": "Optimistic Rollup",
"vm": [
"AppChain",
"CartesiVM"
]
}+55 -0
{
"additionalConsiderations": {
"short": "The Cartesi PRT Honeypot v2 is a minimal appchain (running a Cartesi Machine / dApp) for the purpose of incentivizing the testing of the Cartesi PRT proof system. Inputs/actions in the appchain are limited to deposits of CTSI by anyone and withdrawals by a single user.",
"long": "Users can deposit (donate) CTSI tokens to the Honeypot. The funds can only be withdrawn by the Cartesi Multisig to its own address. The appchain has the very specific purpose of a bug bounty on the proof system, incentivizing security researchers to break it and claim the deposited funds."
},
"stage": "Stage 2",
"summary": [
{
"stage": "Stage 0",
"requirements": [
{
"satisfied": true,
"description": "A complete and functional proof system is deployed."
},
{
"satisfied": true,
"description": "There are at least 5 external actors who can submit fraud proofs."
},
{
"satisfied": true,
"description": "The project calls itself a rollup."
},
{
"satisfied": true,
"description": "State roots are posted to Ethereum L1."
},
{
"satisfied": true,
"description": "Inputs for the state transition function are posted to Ethereum L1."
},
{
"satisfied": true,
"description": "A source-available node exists that can recreate the state from Ethereum L1 data. Please note that the L2BEAT team has not verified the validity of the node source code. [View code](https://github.com/cartesi/dave/tree/main/cartesi-rollups/node)"
}
]
},
{
"stage": "Stage 1",
"requirements": [],
"principle": {
"satisfied": true,
"description": "Compromising ≥75% of the Security Council is the only way (other than bugs) for a rollup to indefinitely block an L2→L1 message (e.g. a withdrawal) or push an invalid L2→L1 message (e.g. an invalid withdrawal) with a <7d exit window."
}
},
{
"stage": "Stage 2",
"requirements": [
{
"satisfied": true,
"description": "Fraud proof submission is open to everyone."
}
]
}
]
}+40 -0
{
"self": {
"stateValidation": {
"value": "Fraud proofs (INT)",
"description": "Fraud proofs allow actors watching the chain to prove that the state is incorrect. Interactive proofs (INT) require multiple transactions over time to resolve.",
"challengeDelay": 608400,
"sentiment": "good",
"orderHint": null,
"initialBond": "0.23219805",
"secondLine": "7d 1h challenge period"
},
"dataAvailability": {
"value": "Onchain",
"description": "All of the data needed for proof construction is published on Ethereum L1.",
"sentiment": "good",
"orderHint": null
},
"exitWindow": {
"value": "Not applicable",
"description": "Users cannot exit their funds as all deposits are considered donations.",
"sentiment": "neutral",
"orderHint": null,
"warning": {
"value": "Bug bounty Appchain: The single hardcoded address can withdraw all funds.",
"sentiment": "bad"
}
},
"sequencerFailure": {
"value": "Self sequence",
"description": "Users can self sequence transactions by sending them on L1. There is no privileged operator.",
"sentiment": "good"
},
"proposerFailure": {
"value": "Self propose",
"description": "Anyone can be a Proposer and propose new roots to the L1 bridge.",
"sentiment": "good",
"orderHint": 0
}
}
}+20 -0
[
{
"layer": {
"value": "Ethereum",
"secondLine": "Calldata",
"sentiment": "good",
"description": "The data is posted to Ethereum as calldata.",
"projectId": "ethereum"
},
"bridge": {
"value": "Enshrined",
"sentiment": "good",
"description": "The validating bridge has access to all the data, as it is posted onchain.",
"projectId": "ethereum"
},
"mode": {
"value": "Transaction data"
}
}
]+80 -0
{
"dataAvailability": [
{
"name": "All transaction data is recorded on chain",
"description": "All executed transactions are submitted to an on chain smart contract. The execution of the rollup is based entirely on the submitted transactions, so anyone monitoring the contract can know the correct state of the rollup chain.",
"risks": [],
"references": [
{
"title": "InputBox.sol#18 - Etherscan source code, addInput function",
"url": "https://etherscan.io/address/0x1b51e2992A2755Ba4D6F7094032DF91991a0Cfac#code#F1#L18"
}
]
}
],
"exitMechanisms": [
{
"name": "No user withdrawals",
"description": "No address apart from the Cartesi Multisig can trigger a withdrawal and deposits are considered donations to the Honeypot. If a withdrawal is requested by them, all funds in the escrow are withdrawable to the permissioned address as soon as the next settlement on L1 occurs (min. every 7d 1h).",
"risks": [],
"references": [
{
"title": "Requesting withdrawals, Honeypot Wiki",
"url": "https://github.com/cartesi/honeypot/wiki/Requesting-withdrawals"
}
]
}
],
"forceTransactions": {
"name": "Users can force any transaction",
"description": "Because the state of the system is based on transactions submitted on the underlying host chain and anyone can submit their transactions there it allows the users to circumvent censorship by interacting with the smart contract on the host chain directly.",
"risks": [],
"references": []
},
"operator": {
"name": "There is no central operator",
"description": "There is no privileged entity that sequences transactions or produces blocks. This activity is permissionless and open to anyone.",
"risks": [],
"references": [
{
"title": "Honeypot Docs - Running a validator node",
"url": "https://github.com/cartesi/honeypot/wiki/Running-a-validator-node"
}
]
},
"stateDerivation": {
"nodeSoftware": "The source code for the Cartesi node software is available [here](https://github.com/cartesi/dave/tree/v2.0.0/cartesi-rollups/node).",
"genesisState": "The genesis state comes from the Honeypot Cartesi Machine template included in the [Honeypot v3 release](https://github.com/cartesi/honeypot/releases/tag/v3.0.0). Alternatively, you can recreate it by following the build steps in the [Honeypot GitHub Repository](https://github.com/cartesi/honeypot/tree/v3.0.0?tab=readme-ov-file#building-the-application).",
"dataFormat": "The reference implementation for ERC20 deposits can be found [here](https://github.com/cartesi/rollups-contracts/blob/v2.1.0/src/common/InputEncoding.sol#L38). To learn about the withdrawal request format, please refer to the documentation [here](https://github.com/cartesi/honeypot/wiki/Requesting-withdrawals)."
},
"stateValidation": {
"isUnderReview": true,
"categories": [
{
"title": "Fraud proofs",
"description": "After some period of time, the published state root is assumed to be correct. For a certain time period, usually one week, anyone can submit a fraud proof that shows that the state was incorrect.The initial bond for joining the tournament is set to 0.23219805 ETH.",
"risks": [
{
"category": "Funds can be stolen if",
"text": "there is no one that checks the published state. Fraud proofs assume at least one honest and able validator."
}
],
"references": [
{
"title": "Permissionless Refereed Tournaments",
"url": "https://arxiv.org/abs/2212.12439"
},
{
"title": "MultiLevelTournamentFactory.sol#L48 - dispute resolution factory",
"url": "https://etherscan.io/address/0xa02997f69Dc5F1A727abE12ee36f87E28BBdEa6b#code#F1#L48"
},
{
"title": "DaveConsensus.sol#L111 - application consensus",
"url": "https://etherscan.io/address/0xF0D8374F8446E87e013Ec1435C7245E05f439259#code#F1#L111"
}
]
}
]
},
"warning": "The challenge protocol can be subject to delay attacks."
}+1 -0
null+1 -0
null+1 -0
null+1 -0
null+1 -0
null+8 -0
{
"associatedTokens": [
{
"symbol": "CTSI"
}
],
"warnings": []
}+1 -0
null+1 -0
null+6 -0
{
"explanation": "The current PRT implementation uses three tournament levels, which creates liveness risks in the event of Sybil attacks. As a result, a well-funded adversary can create Sybil challengers to keep the dispute tree alive, delaying settlement. Safety and decentralization are unaffected, but withdrawals can be significantly delayed until every branch is resolved.",
"warnings": {
"stateUpdates": "The current PRT implementation is vulnerable to Sybil attacks that may impact settlement liveness. Safety and decentralization are unaffected."
}
}+1 -0
null+1 -0
{}+50 -0
[
{
"projectId": "cartesi-prt-honeypot-v2",
"sinceTimestamp": 1762263971,
"type": "liveness",
"subtype": "batchSubmissions",
"params": {
"formula": "functionCall",
"address": "0x1b51e2992A2755Ba4D6F7094032DF91991a0Cfac",
"selector": "0x1789cd63",
"signature": "function addInput(address appContract, bytes payload) returns (bytes32)"
}
},
{
"projectId": "cartesi-prt-honeypot-v2",
"sinceTimestamp": 1762263971,
"type": "l2costs",
"subtype": "batchSubmissions",
"params": {
"formula": "functionCall",
"address": "0x1b51e2992A2755Ba4D6F7094032DF91991a0Cfac",
"selector": "0x1789cd63",
"signature": "function addInput(address appContract, bytes payload) returns (bytes32)"
}
},
{
"projectId": "cartesi-prt-honeypot-v2",
"sinceTimestamp": 1762263971,
"type": "liveness",
"subtype": "stateUpdates",
"params": {
"formula": "functionCall",
"address": "0xF0D8374F8446E87e013Ec1435C7245E05f439259",
"selector": "0x8bca2e0c",
"signature": "function settle(uint256 epochNumber, bytes32 outputsMerkleRoot, bytes32[] calldata proof)"
}
},
{
"projectId": "cartesi-prt-honeypot-v2",
"sinceTimestamp": 1762263971,
"type": "l2costs",
"subtype": "stateUpdates",
"params": {
"formula": "functionCall",
"address": "0xF0D8374F8446E87e013Ec1435C7245E05f439259",
"selector": "0x8bca2e0c",
"signature": "function settle(uint256 epochNumber, bytes32 outputsMerkleRoot, bytes32[] calldata proof)"
}
}
]+1 -0
null+1 -0
null+1 -0
null+68 -0
{
"ethereum": {
"roles": [],
"actors": [
{
"id": "Cartesi Multisig",
"name": "Cartesi Multisig",
"description": "A Multisig with 3/6 threshold. \n* Can interact with Application\n * withdraw the entire balance in the escrow ",
"accounts": [
{
"address": "eth:0x60247492F1538Ed4520e61aE41ca2A8447592Ff5",
"type": "Contract",
"isVerified": true,
"name": "0x6024…2Ff5",
"url": "https://etherscan.io/address/0x60247492F1538Ed4520e61aE41ca2A8447592Ff5"
}
],
"chain": "ethereum",
"references": [],
"participants": [
{
"address": "eth:0xD91C0C2fC065a2e094129066D2683ef16E6F6032",
"type": "EOA",
"isVerified": true,
"name": "0xD91C…6032",
"url": "https://etherscan.io/address/0xD91C0C2fC065a2e094129066D2683ef16E6F6032"
},
{
"address": "eth:0x53cfaE10bb087bd67288eCA9e7d58E216aEbD961",
"type": "EOA",
"isVerified": true,
"name": "0x53cf…D961",
"url": "https://etherscan.io/address/0x53cfaE10bb087bd67288eCA9e7d58E216aEbD961"
},
{
"address": "eth:0xF4554F08Ed918893996DC36428Cb9DCbF2De990E",
"type": "EOA",
"isVerified": true,
"name": "0xF455…990E",
"url": "https://etherscan.io/address/0xF4554F08Ed918893996DC36428Cb9DCbF2De990E"
},
{
"address": "eth:0xA7Dd0A6AF60ae9Accc7533d016dc7B68Db3324b1",
"type": "EOA",
"isVerified": true,
"name": "0xA7Dd…24b1",
"url": "https://etherscan.io/address/0xA7Dd0A6AF60ae9Accc7533d016dc7B68Db3324b1"
},
{
"address": "eth:0xccD54bae0DfadA083F590f9aA16285f3eE4b5325",
"type": "EOA",
"isVerified": true,
"name": "0xccD5…5325",
"url": "https://etherscan.io/address/0xccD54bae0DfadA083F590f9aA16285f3eE4b5325"
},
{
"address": "eth:0xC826D6061b5C62237932c834B60a5eFf04D80F30",
"type": "EOA",
"isVerified": true,
"name": "0xC826…0F30",
"url": "https://etherscan.io/address/0xC826D6061b5C62237932c834B60a5eFf04D80F30"
}
],
"discoveryDrivenData": true
}
]
}
}+181 -0
{
"addresses": {
"ethereum": [
{
"name": "InputBox",
"isVerified": true,
"address": "eth:0x1b51e2992A2755Ba4D6F7094032DF91991a0Cfac",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Serves as both the canonical log for arbitrary dApp inputs and a portal for depositing assets (one possible type of input). It ensures data availability and that all off-chain participants process the same inputs in the same order.\n",
"discoveryDrivenData": true,
"url": "https://etherscan.io/address/eth:0x1b51e2992A2755Ba4D6F7094032DF91991a0Cfac#code"
},
{
"name": "DaveConsensus",
"isVerified": true,
"address": "eth:0xF0D8374F8446E87e013Ec1435C7245E05f439259",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Contract managing PRT fraud-proof tournaments, application epochs and input validation, as well as settlement and challenge periods. Dispute tournaments are started here and the final, verified computation result (as an `outputsMerkleRoot`) is recorded when they are resolved.\n",
"discoveryDrivenData": true,
"url": "https://etherscan.io/address/eth:0xF0D8374F8446E87e013Ec1435C7245E05f439259#code"
},
{
"name": "Application",
"isVerified": true,
"address": "eth:0xfDDF68726a28e418fA0c2a52c3134904a8c3e998",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Main dApp contract that escrows assets and executes the verified results (outputs) from off-chain computation. It relies on the DaveConsensus contract to validate outputs before releasing assets or triggering on-chain actions. The immutable template hash of the dApp is `0x144d45af1181b35f2b11c4b1150d6cb16934c28093707fb97c911ff16b3fe609`.\n* Roles:\n * **withdrawer**: Cartesi Multisig",
"discoveryDrivenData": true,
"url": "https://etherscan.io/address/eth:0xfDDF68726a28e418fA0c2a52c3134904a8c3e998#code"
},
{
"name": "MiddleTournament",
"isVerified": true,
"address": "eth:0x0a88360f41D0f643ea63ade00c0A1a795395d2D9",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Handles the intermediate stages of a dispute following the TopTournament targeting a more granular bisection game.\n",
"discoveryDrivenData": true,
"url": "https://etherscan.io/address/eth:0x0a88360f41D0f643ea63ade00c0A1a795395d2D9#code"
},
{
"name": "CartesiStateTransition",
"isVerified": true,
"address": "eth:0x31EEaeC2A8d855B13B376b72C172F0c20A2910F6",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Onchain verifier that can execute a single, disputed instruction of the Cartesi machine. It is the ultimate arbiter that BottomTournament calls to determine which party's claimed state transition is correct.\n",
"discoveryDrivenData": true,
"url": "https://etherscan.io/address/eth:0x31EEaeC2A8d855B13B376b72C172F0c20A2910F6#code"
},
{
"name": "MultiLevelTournamentFactory",
"isVerified": true,
"address": "eth:0xa02997f69Dc5F1A727abE12ee36f87E28BBdEa6b",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Responsible for creating and orchestrating the multi-stage dispute process. It instantiates the correct tournament contract (Top, Middle, or Bottom) depending on the current stage of the dispute game.\n",
"discoveryDrivenData": true,
"url": "https://etherscan.io/address/eth:0xa02997f69Dc5F1A727abE12ee36f87E28BBdEa6b#code"
},
{
"name": "TopTournament_example",
"isVerified": true,
"address": "eth:0xA2835312696Afa86c969e40831857dbB1412627f",
"upgradeability": {
"proxyType": "EIP1167 proxy",
"admins": [],
"implementations": [
"eth:0x367Ff3c21E189645aaf17bDD41D4C186686CfE53"
]
},
"chain": "ethereum",
"description": "Represents the entry point and highest level of a dispute in PRT. Disagreeing validators join this tournament to resolve conflicts over the entire computation trace through a bisection game. The required bond amount for joining the Tournament is calculated from worst case gas estimates and currently is 0.23219805 ETH.\n",
"discoveryDrivenData": true,
"url": "https://etherscan.io/address/eth:0xA2835312696Afa86c969e40831857dbB1412627f#code"
},
{
"name": "ERC20Portal",
"isVerified": true,
"address": "eth:0xACA6586A0Cf05bD831f2501E7B4aea550dA6562D",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Contract that allows anyone to perform transfers of ERC-20 tokens to Cartesi DApps.\n",
"discoveryDrivenData": true,
"url": "https://etherscan.io/address/eth:0xACA6586A0Cf05bD831f2501E7B4aea550dA6562D#code"
},
{
"name": "CanonicalTournamentParametersProvider",
"isVerified": true,
"address": "eth:0xc8d8639C3ec8925A00d4F262299807DC632c3113",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Provides constant configuration data for the tournament system. It defines parameters like the number of levels (3), the minimum challenge period of ~7d, and the size of computation segments at each stage of a dispute.\n",
"discoveryDrivenData": true,
"url": "https://etherscan.io/address/eth:0xc8d8639C3ec8925A00d4F262299807DC632c3113#code"
},
{
"name": "BottomTournament",
"isVerified": true,
"address": "eth:0xe6B4444d324E0B403c9C43C5d7c8B2C3d5d02962",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Referees the dispute over a single contested Cartesi machine step as the final stage of arbitration in a dispute. It calls the CartesiStateTransition contract to get a definitive on-chain ruling and identify the winner.\n",
"discoveryDrivenData": true,
"url": "https://etherscan.io/address/eth:0xe6B4444d324E0B403c9C43C5d7c8B2C3d5d02962#code"
}
]
},
"escrows": [
{
"address": "0xfDDF68726a28e418fA0c2a52c3134904a8c3e998",
"sinceTimestamp": 1762562699,
"tokens": "*",
"contract": {
"isVerified": true,
"address": "eth:0xfDDF68726a28e418fA0c2a52c3134904a8c3e998",
"upgradeability": {
"proxyType": "immutable",
"admins": [],
"implementations": [],
"immutable": true
},
"chain": "ethereum",
"description": "Contract storing bounty funds.",
"url": "https://etherscan.io/address/0xfDDF68726a28e418fA0c2a52c3134904a8c3e998#code"
},
"chain": "ethereum",
"includeInTotal": true,
"chainId": 1
}
],
"risks": []
}+7 -0
{
"baseTimestamp": 1763109405,
"contractsDiscoDriven": true,
"hasDiscoUi": true,
"isDiscoDriven": true,
"permissionsDiscoDriven": true
}+1 -0
null+1 -0
1+1 -0
null+1 -0
null+1 -0
null+1 -0
null+1 -0
null+5 -0
+5 -0
{
"daLayer": "ethereum",
"name": "Enshrined Bridge",
"risks": {
"daBridge": {
"value": "Enshrined",
"sentiment": "good",
"description": "Rollup users have access to all the data, as it is posted onchain on the consensus layer. On the execution layer, the rollup relies on blob data commitment (versioned hashes), which are accessible through the BLOBHASH opcode. \nThe rollup smart contracts can use these blob commitments during state transition validation to reference blobs during proof verification, without requiring direct access to the raw blob data.\n "
},
"callout": "Unlike non-enshrined DA bridges, it does not place any honesty\n assumption on an external committee that provides data availability\n attestations to the DA bridge. From the rollup perspective,\n Ethereum's canonical chain cannot contain unavailable data\n commitments as full nodes self-verify the data availability of each\n block, discarding blocks with unavailable data. The rollup state\n validating bridge has access to all the data, as it is posted on chain."
},
"technology": {
"description": "\n ## Enshrined Bridge\n The DA bridge on Ethereum is enshrined, meaning that blob data is directly accessible on the consensus layer, with data availability guaranteed by the network's inherent consensus rules. \n If a block contains unavailable data, full nodes will reject it, causing the chain to fork away from that block. This ensures data availability without requiring additional trust assumptions. \n In contrast, external DA providers must rely on data availability attestations from the external validator set, introducing an extra layer of trust on the majority of validators.\n "
},
"usedIn": [
{
"id": "abstract",
"name": "Abstract",
"slug": "abstract"
},
{
"id": "arbitrum",
"name": "Arbitrum One",
"slug": "arbitrum"
},
{
"id": "arenaz",
"name": "Arena-Z",
"slug": "arenaz"
},
{
"id": "base",
"name": "Base Chain",
"slug": "base"
},
{
"id": "blast",
"name": "Blast",
"slug": "blast"
},
{
"id": "bob",
"name": "BOB",
"slug": "bob"
},
{
"id": "bobanetwork",
"name": "Boba Network",
"slug": "bobanetwork"
},
{
"id": "cartesi-prt-honeypot-v2",
"name": "Cartesi PRT Honeypot v2",
"slug": "cartesi-prt-honeypot-v2"
},
{
"id": "dbk",
"name": "DeBank Chain",
"slug": "dbk"
},
{
"id": "deri",
"name": "Deri",
"slug": "deri"
},
{
"id": "ethernity",
"name": "Epic Chain",
"slug": "epicchain"
},
{
"id": "facet",
"name": "Facet v1",
"slug": "facet"
},
{
"id": "forknet",
"name": "Forknet",
"slug": "forknet"
},
{
"id": "hashkey",
"name": "HashKey Chain",
"slug": "hashkey"
},
{
"id": "hemi",
"name": "Hemi",
"slug": "hemi"
},
{
"id": "ink",
"name": "Ink",
"slug": "ink"
},
{
"id": "jovay",
"name": "Jovay",
"slug": "jovay"
},
{
"id": "karak",
"name": "K2",
"slug": "k2"
},
{
"id": "katana",
"name": "Katana",
"slug": "katana"
},
{
"id": "lighter",
"name": "Lighter",
"slug": "lighter"
},
{
"id": "linea",
"name": "Linea",
"slug": "linea"
},
{
"id": "lisk",
"name": "Lisk",
"slug": "lisk"
},
{
"id": "loopring",
"name": "Loopring",
"slug": "loopring"
},
{
"id": "metal",
"name": "Metal",
"slug": "metal"
},
{
"id": "metis",
"name": "Metis Andromeda",
"slug": "metis"
},
{
"id": "mint",
"name": "Mint",
"slug": "mint"
},
{
"id": "mode",
"name": "Mode Network",
"slug": "mode"
},
{
"id": "morph",
"name": "Morph",
"slug": "morph"
},
{
"id": "optimism",
"name": "OP Mainnet",
"slug": "op-mainnet"
},
{
"id": "optopia",
"name": "Optopia",
"slug": "optopia"
},
{
"id": "paradex",
"name": "Paradex",
"slug": "paradex"
},
{
"id": "phala",
"name": "Phala",
"slug": "phala"
},
{
"id": "polygonzkevm",
"name": "Polygon zkEVM",
"slug": "polygonzkevm"
},
{
"id": "polynomial",
"name": "Polynomial",
"slug": "polynomial"
},
{
"id": "r0ar",
"name": "R0ar",
"slug": "r0ar"
},
{
"id": "race",
"name": "Race Network",
"slug": "race"
},
{
"id": "scroll",
"name": "Scroll",
"slug": "scroll"
},
{
"id": "settlus",
"name": "Settlus",
"slug": "settlus"
},
{
"id": "shape",
"name": "Shape",
"slug": "shape"
},
{
"id": "soneium",
"name": "Soneium",
"slug": "soneium"
},
{
"id": "sxt",
"name": "Space and Time",
"slug": "sxt"
},
{
"id": "starknet",
"name": "Starknet",
"slug": "starknet"
},
{
"id": "superseed",
"name": "Superseed",
"slug": "superseed"
},
{
"id": "swan",
"name": "Swan Chain",
"slug": "swan"
},
{
"id": "swell",
"name": "Swellchain",
"slug": "swell"
},
{
"id": "syndicateframe",
"name": "Syndicate Frame Chain",
"slug": "syndicateframe"
},
{
"id": "taiko",
"name": "Taiko Alethia",
"slug": "taiko"
},
{
"id": "unichain",
"name": "Unichain",
"slug": "unichain"
},
{
"id": "worldchain",
"name": "World Chain",
"slug": "world"
},
{
"id": "zeronetwork",
"name": "ZERO Network",
"slug": "zeronetwork"
},
{
"id": "zircuit",
"name": "Zircuit",
"slug": "zircuit"
},
{
"id": "aztec",
"name": "Zk.Money v1 (Aztec v1)",
"slug": "aztecv1"
},
{
"id": "zksync2",
"name": "ZKsync Era",
"slug": "zksync-era"
},
{
"id": "zksync",
"name": "ZKsync Lite",
"slug": "zksync-lite"
},
{
"id": "zora",
"name": "Zora",
"slug": "zora"
}
]
}