Protocol

Security

3SAT treats security as protocol behavior, not only infrastructure hardening. The protocol combines on-chain multi-asset escrow, content digests, commit-reveal, verifier stake, role conflict checks, keeper finalization, and private artifact access for answer files.

Focus

Implemented controls, operational assumptions, and the security roadmap.

  • Solver commitments bind bounty id, solver address, solution reference, solution digest, and salt before reveal.
  • Bounty instances and solution artifacts are referenced by content digests, so downloaded files can be checked against the value committed on-chain.
  • Verifier stake, eligibility checks, issuer/solver conflict restrictions, and owner slashing authority reduce dishonest attestation risk.

Next Step

Continue evaluating 3SAT

Review the protocol docs, launch the app, or continue through adjacent protocol and solution pages.

Details

Practical context

01

Implemented Protocol Controls

The protocol protects the bounty lifecycle at the contract layer. Issuers choose a supported payment asset, then escrow solver rewards and verifier reward pools before a bounty is created. Solvers lock the bounty's required bond in the same payment asset before committing. Verifiers stake $3SAT to become eligible, and the contract blocks solvers from attesting to their own submissions and issuers from voting on their own bounties.

  • Escrowed rewards prevent unpaid winning outcomes.
  • Commit-reveal reduces answer copying and mempool front-running.
  • Accepted quorum can be finalized by the keeper without manual user settlement.
  • Verifier rewards are paid only to the winning side for finalized accepted submissions.
  • USDC bounties settle in USDC; $3SAT bounties settle in $3SAT.

02

Artifact and Access Security

The protocol uses private Cloudflare R2 storage for uploaded CNF instances, SAT assignments, and UNSAT proof artifacts. The chain stores references and digests, while paid access endpoints enforce who can download finalized answers. This keeps search and bounty discovery usable while preventing public answer leakage before access is granted.

  • Answer bundle downloads are gated by purchase status, issuer ownership, or protocol authorization.
  • Answer access fees use the finalized bounty's selected payment asset.
  • Downloaded problem and answer files are verified against expected digests.
  • The architecture can mirror artifacts to IPFS without changing the core bounty interface.

03

Security Roadmap

The production roadmap adds stronger storage redundancy, enterprise artifact privacy, and more automated validation. The goal is to support public research data and sensitive enterprise SAT workloads through separate access policies rather than one universal storage mode.

  • Mirror finalized public artifacts to IPFS or another durable decentralized storage layer.
  • Add encrypted enterprise uploads where only authorized solvers and verifiers can decrypt task data.
  • Harden the indexer, keeper, and official verifier node with monitoring, retry policies, signed releases, and audit trails.
  • Add external audit coverage and formal review as value at risk increases.