Skip to content

ETHDenver 2023 OpenZeppelin Hackathon Bounty Winners

Security stays at the forefront of BUIDLers’ development strategy for winning submissions at ETHDenver 2023.

Participants at ETHDenver’s build week were invited to build dapps that made use of OpenZeppelin Defender, the security and automation platform for Web3. The blockchain developer event turned out an impressive range of projects, surpassing 300 total submissions, with nearly 10% of projects using OpenZeppelin Defender to secure their smart contract projects in addition to the majority of projects leveraging OpenZeppelin’s secure smart contract libraries. Top entrants received cash prizes awarded by OpenZeppelin totaling $10,000 in USDC. In this article, we will highlight the innovative use cases of these projects.

Each submission addresses a unique challenge facing developers and users alike, from securely sending crypto to anyone on Twitter to simplifying cross-chain gas payments and defending against security threats. Whether a seasoned professional or a newcomer to the space, these projects offer interesting new possibilities for building secure, reliable, and user-friendly blockchain applications. 

3rd Place – Transfer Funds to Twitter User via Securely Relayed Meta-Transactions

The goal of project Stork was for users to easily transfer digital assets to anyone without needing to know their address. Stork allows sending on-chain digital assets to a Twitter handle that can be claimed by the owner of that handle in a trustless and non-custodial manner.

The app relies on Chainlink Functions to map the Twitter handle to an on-chain address. When a user arrives at the app, they are prompted to connect their wallet and designate the Twitter user they would like to send MATIC to. The transferred funds are kept in an escrow account until claimed by the recipient. To claim their funds, the recipient needs to send a transaction that verifies they are the correct account owner. Ordinarily, this would require that the recipient pay gas for this transaction. 

The app addresses this point of friction via a gasless meta-transaction. Behind the scenes, Stork makes use of an Autotask to execute filtering logic that determines whether the user is able to pay gas for this transaction. If there are insufficient funds in the user’s connected wallet, the Autotask makes use of a Relay to securely send the funds via meta-transaction, allowing the Relay to handle gas payment, nonce management, and automatic resubmissions as necessary.

The demo app, its smart contract deployed to the Mumbai network, is available at storkapp.xyz.

2nd Place – Simplify Cross-Chain Gas Fees With Account Abstraction

Cross-chain bridges are a common target for attackers looking to steal funds, and token swapping is a point of user friction when interacting with different blockchains. CrossFuel makes use of Account Abstraction to simplify gas payment for multichain dapps by allowing users to pay the required amount of gas with any token type on any of the supported chains.

User interaction with CrossFuel is greatly streamlined by bundling the necessary operations (gas calculation, token swapping, and transaction submission) into a single transaction. A user could arrive at the app holding only tokens on a different chain, yet easily proceed with transaction submission. 

The gas fee amount of the paymaster is verified and paid for via a Defender Autotask/Relay integration that determines the correct balance using a cross-chain bridge and swap mechanism. Once the calculation and token swapping are resolved, the transaction and the connected chain’s required gas are submitted.

1st Place – A Honeypot for Attackers

The team claiming the first prize for the OpenZeppelin-sponsored bounty program at ETHDenver’s Hackathon was recently highlighted via a Cointelegraph article. Their project leverages OpenZeppelin Defender for its security monitoring and incident response notification capabilities. A honeypot is an intentionally-compromised system intended to lure would-be attackers. HoneyDApp uses Defender to monitor the interactions of an attacker attempting to exploit a reentrancy vulnerability.

By making use of Sentinel security monitors to watch for interactions with sensitive functions, the system can trigger notifications to be sent to the incident response team along with detailed logs on the attempted exploit. The data gathered on the attacker can be provided to the team and other notification channels. By logging the attacker’s interaction and collecting data on their methods, HoneyDApp aims to halt them before they can cause actual damage. Such data can be used to add these addresses to denylists and thereby aid in efforts to halt the efforts of those who would seek to steal funds and hack other protocols.

Honorable Mentions

  • Krypto Kredit (Top 3 in Impact & Public Goods Track for overall hackathon)
    Using Krypto Kredit, users can build credit by bringing off-chain transaction data on-chain via NFT invoicing and validators. OpenZeppelin Defender is used to securely relay signed transactions.
  • Gasly (Top 3 in DeFi track for overall hackathon)
    To pay for a transaction, it is necessary to pay the associated gas fees using the native currency of a given blockchain. Gasly is a browser extension enabling the user to pay for the execution of a given transaction by leveraging a token swap via Uniswap, bypassing the need to hold MATIC. An OpenZeppelin Relayer is used to relay the approval and swap the user’s signed transactions.
  • The Goerlinator (Built a gasless Goerli faucet)
    When building, developers rely on testnet ETH to pay the necessary costs of contract deployment and interaction. With faucets being a frequent target for bots and testnet ETH in short supply, it’s valuable to have a working faucet of Goerli ETH that relies on a Relayer in OpenZeppelin Defender, enabling users to claim without paying gas.

We appreciate all the BUIDLers who participated in ETHDenver, especially those who leveraged OpenZeppelin Defender, the secure smart contract automation platform, for their hacks. The implementations, complexity, and security implications of the projects developed shows a continued commitment to safe development, and secure end-user experiences across Web3. If you’d like to secure your own blockchain project with OpenZeppelin Defender, then start using the secure smart contract security platform today.