Orbiter Challenger’s Bounty — Challenge the Malicious Maker

4 min readJan 6, 2024

Orbiter Bridge Protocol is a decentralized L2 cross-chain protocol that employs a pre-trust, post-arbitration approach. Backed by ZK technology, it ensures secure, real-time, and cost-effective asset bridging, elevating Ethereum’s cross-chain compatibility and maintaining real-time synchronization within the Ethereum ecosystem.

About the Bounty: Challenge the Malicious Maker

Before granting full access to the Maker role on Orbiter, we need to ensure the security of user funds by penalizing malicious Makers. We’ve developed zkSPV technology, enabling cost-effective validation of transactions on Layer 2 within the mainnet. This verification ensures correct responses from Makers to messages.

To validate both zkSPV technology and the Orbiter protocol’s arbitration process, we’ve launched the Bounty Program, inviting community developers to participate and test the Orbiter protocol.

Start the challenge here: https://github.com/Orbiter-Finance/client-arbitration

What is the process?

Throughout the event, Orbiter’s official Maker will intentionally and intermittently refrain from responding to messages from certain users each day. It’s important to note that these users are internal staff of Orbiter and do not impact regular users. This intentional non-response is designed to create challenges. Challengers can initiate challenges when they identify source chain transactions to which the Maker did not respond.

Which networks does the event support?

This event supports both the Ethereum and zksyncEra networks.


  • Successful Challengers will get a share of the 3 ETH prize pool automatically.
  • 2 additional ETHs will be distributed to successful Challengers based on the assigned weights after the event. (Details to be determined)

How to challenge the malicious Maker?

In the Orbiter protocol, anyone can become a champion of justice by challenging ‘malicious makers’ who fail to respond to messages (payments) on the target chain in a timely and accurate manner. Upon a successful challenge, the Challenger is entitled to receive rewards. The steps for the challenge are as follows:

  1. Observe the market-making rules specified in the MDC contract associated with the Maker. Retrieve transactions from users on the source chain sent to the Maker and transactions from the Maker on the target chain sent to users. Verify whether responses to users on the target chain are provided within the specified latest repayment time according to the established rules.
  2. If the Maker fails to respond to the user within the latest repayment time, the Challenger can initiate a challenge by invoking the ‘challenge’ function in the Maker’s MDC contract (Note: to prevent spam attacks, initiating a challenge requires a 0.005 ETH payment as a challenge ticket).
  3. After the final confirmation on the mainnet (currently 4 hours in the zkSync Era network), Challengers are required to call the ‘verifyChallengeSource’ function of the MDC contract. They should send zkSPV proofs to validate the source chain TX (Note: zkSync Era network requires proofs of validity to be initiated within a maximum of 3 days; failure to do so within this timeframe will result in the Challenger being deemed unsuccessful).
  4. After the Challenger successfully validates the source chain TX, if the Maker fails to verify the validity of the dest chain TX within the specified time, the Challenger’s challenge is considered successful. The Orbiter protocol will refund the Challenger’s challenge ticket, cover gas expenses incurred during the challenge, and provide a reward (30% of the source TX amount). However, if the Maker can validate the dest chain TX, the Challenger will be deemed unsuccessful.

Note: Given the complexity of the challenge steps and the requirement to generate ZK proofs, we’ve developed an Arbitration Client to streamline the process for challengers. By cloning the code and following the instructions in the Readme file located in the repository’s root directory to set up their private keys and mainnet RPC, Challengers can easily initiate challenges. Moreover, since the current operation of the zkSPV circuit for proof generation demands sophisticated machine configurations, Orbiter offers a complimentary service for zkSPV proof generation.

Find the source code here: GitHub

Of course, Orbiter’s zkSPV circuit code is open-source, and Challengers can independently run the circuit to generate proofs. The following machine configuration is required:

  • CPU: 2 * AMD EPYC 7763 64-Core Processor
  • Memory: 512GB RAM
  • GPU: NVIDIA GeForce RTX 4090 with 24GB of VRAM

How to get help?

If you have any questions about the bounty program or encounter issues during the use of the arbitration client, you can join this Discord channel for assistance.

Important Legal Information

The Bounty Challenge Program serves as an experimental rewards initiative, inviting exceptional developers to explore our innovative arbitration mechanism for cross-rollup transfers. The determination of rewards rests solely with the Orbiter Finance team, and all rewards are subject to relevant laws and applicable taxes. Participants are strongly urged not to target our security measures or attempt any form of attack on the program. It is imperative that your testing adheres to all legal requirements and does not compromise any data that does not belong to the tester.




Orbiter Finance is a decentralized cross-rollup Layer 2 bridge with a contract only on the destination side.