# Smart Contract

## Zero Knowledge Proofs

Zero knowledge proofs (ZKPs) are a method of proving the validity of a statement without revealing any additional information beyond the statement's validity. In the context of our proof of storage protocol, ZKPs could be used to prove the integrity and availability of stored data without revealing the specific data itself.

One way this could be implemented is by using a ZKP to prove that a user has a certain piece of data without revealing the data itself. For example, a user could use a ZKP to prove that they have a valid copy of a file without revealing the contents of the file. This can be accomplished by using a technique called "commitment schemes," where a user generates a cryptographic commitment to a piece of data, and can later reveal the commitment and the data to a verifier to prove that they had the data at a previous point in time.
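The commit-then-reveal flow described above, as an added example that is not part of the Hypatia protocol's code: a salted SHA-256 commitment in Python. The function names, the `commit-v1` tag and the sample file bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Tuple

NONCE_LEN = 32          # random bytes that keep the commitment hiding
TAG = b"commit-v1"      # constructed domain-separation tag (assumption)


def _digest(nonce: bytes, data: bytes) -> bytes:
    # The tag and nonce have fixed lengths, so the boundary between nonce
    # and data is unambiguous and two different openings cannot collide by
    # shifting bytes from one field to the other.
    h = hashlib.sha256()
    h.update(TAG)
    h.update(nonce)
    h.update(data)
    return h.digest()


def commit(data: bytes) -> Tuple[bytes, bytes]:
    """Return (commitment, nonce). Publish the commitment; keep the nonce."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return _digest(nonce, data), nonce


def verify(commitment: bytes, data: bytes, nonce: bytes) -> bool:
    """Check an opening (data, nonce) against a previously published commitment."""
    if len(nonce) != NONCE_LEN:
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(commitment, _digest(nonce, data))


if __name__ == "__main__":
    stored_file = b"constructed sample file contents"   # constructed input
    commitment, nonce = commit(stored_file)
    print("published commitment:", commitment.hex())

    # Later: the prover opens the commitment with the original data.
    print("honest opening accepted:", verify(commitment, stored_file, nonce))

    # Binding: a modified copy of the file does not open the commitment.
    print("tampered opening accepted:",
          verify(commitment, stored_file + b"!", nonce))
```

Without the random nonce, anyone could test guesses of the file against the published hash. Opening the commitment reveals the data to the verifier, so the commitment hides the data only until that point.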

Another way ZKPs could be used in our protocol is by using them to prove that a user has performed a certain computation on a piece of data without revealing the input or output of the computation. This can be accomplished using techniques like "zero knowledge succinct non-interactive arguments of knowledge" (zk-SNARKs) or "zero knowledge proof of retrievability" (zk-PoR).

## Pentesting

Smart contract pentesting refers to the process of testing the security of smart contracts on a blockchain. This is done by simulating various attack scenarios and attempting to identify vulnerabilities in the smart contract code. The goal of smart contract pentesting is to identify and mitigate potential security risks before they can be exploited by malicious actors.

## Auditing

One common method of smart contract pentesting is manual code review, also known as an audit. This involves manually reviewing the smart contract code and identifying any potential vulnerabilities. This can be a time-consuming and labor-intensive process, but it can also provide a more thorough analysis of the smart contract.

It is important to note that smart contract auditing is not a one-time process. Smart contracts should be regularly monitored and audited to ensure that they continue to function as intended and that any new vulnerabilities are identified and addressed in a timely manner.

Moreover, smart contract auditing also includes a legal review of the smart contract. This ensures that the smart contract complies with the laws and regulations of the country it will be used in.

## Automated Scans

Another method of smart contract pentesting is automated testing. This involves using specialized software tools to scan the smart contract code and identify potential vulnerabilities. Automated testing can be faster and more efficient than manual code review, but it may not be as thorough.

A few examples of automated smart contract pentesting tools are Mythril, Oyente and Manticore. These tools can help to identify common vulnerabilities such as reentrancy, overflow, and underflow bugs.

## Testnet Debugging

Another important aspect of smart contract pentesting is testing the smart contract on a testnet before deployment on the mainnet. This makes it possible to identify and fix bugs before they can affect the real network and real assets.

