Automata is working with RISC Zero’s zkVM to aggregate Intel SGX DCAP attestations. As part of our efforts, verifying SGX DCAP attestations is now 8x cheaper than the current state of the art.

The challenge of this bounty is to submit a DCAP quote that can be successfully verified even if it does not originate from a genuine Intel SGX machine.

Task

Participants are required to submit an invalid/false DCAP proof that can be verified using the Bonsai CLI tool. The proof should be constructed where it successfully passes validation checks, despite not originating from a genuine Intel SGX machine.

https://github.com/automata-network/dcap-bonsai-cli

• Proof Validation: The submitted proof must be validated by the Bonsai CLI tool.
• Invalid Data Handling: Submissions should include examples of how the Bonsai CLI tool responded to invalid quote data.

Submit your report by filling up this form.

References

• Proof verification: The screen recording shows the Bonsai CLI tool verifying a proof that it deems to be valid
• Invalid proof: The screen recording shows the Bonsai CLI tool rejecting invalid quote data, causing it to "panic" as expected.

Reward

The successful submission will be awarded a bounty of $10,000 ATA.

Submission Details

• Method of submission:
  • Please fill up this Google form with these details:
    • Provide either a hexstring with the --quote-hex flag, or a stored hexfile in /data/quote.hex. If you store your quote elsewhere, you may pass the path with the --quote-path flag.
    • Do a screen recording of a successful verification generated by the invalid proof

Support

Discord for discussions and questions: ata.ws/discord