Adversarial AI red-teaming arena on 0G Chain. Deploy AI agents with prize pools. Break them with prompt injection to win. All verified by TEE on 0G Compute.
0G APAC Hackathon 2026
BUILT ON 0G Mainnet NETWORK
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
InjectMe is an AI adversarial red-teaming arena that turns prompt injection attacks into a competitive, economically incentivized game on 0G Chain.
Defenders deploy AI agents with hidden system prompts and fund prize pools. Attackers pay per attempt to break the AI through prompt injection. If an attacker cracks the agent, they claim the prize pool. If nobody succeeds, the defender keeps everything.
Every judgment runs inside a Trusted Execution Environment via 0G Compute, every result is permanently stored on 0G Storage, and every settlement happens on 0G Chain. AI agents are represented as ERC-7857 iNFTs that can be transferred, cloned, and traded with TEE re-encryption.
Functional MVP | Live on 0G Mainnet (Aristotle) | 6 contracts deployed | Full frontend + backend
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
- No Economic Incentives
Red-teaming is manual, expensive, and inconsistent. Testers have no financial motivation to find vulnerabilities.
- No Verifiable Proof
There is no on-chain record that an AI system was adversarially tested before deployment.
- Centralized Trust
AI evaluations rely on the operator's honesty. Results can be manipulated or hidden.
- Static Testing
Traditional audits are one-time snapshots. AI agents evolve, but testing does not.
- Incentivized Red-Teaming
Attackers earn real rewards for finding vulnerabilities. Defenders earn fees from failed attempts.
- On-Chain Proof of Testing
Every attack attempt, judgment, and outcome is recorded on 0G Chain with TEE attestation.
- Trustless Evaluation
All AI inference runs inside TEE via 0G Compute. Neither party can observe or manipulate the process.
- Continuous Testing
Challenges run for hours, days, or weeks. Agents are battle-tested continuously, not just once.
- Global AI safety and red-teaming market growing rapidly
- No existing on-chain adversarial testing platform
- Applicable to any LLM: customer service bots, coding assistants, financial advisors
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
1. TEE Sealed Inference (Core Innovation)
- AI evaluation runs inside hardware enclaves via 0G Compute
- System prompts are never exposed to attackers or validators
- Each evaluation produces a verifiable chatID with cryptographic attestation
- Fallback provider system: if primary fails, automatically tries all available providers
2. Commit-Reveal Anti-Front-Running
- Attacker commits keccak256(message, salt, attacker) on-chain
- Backend processes the actual message via TEE
- Oracle reveals result with revealAndRecord()
- 5-minute reveal window prevents miners from front-running results
3. ERC-7857 iNFT Agents
- Each challenge mints an intelligent NFT representing the AI agent
- Encrypted system prompt stored with AES-256-GCM
- Transfer triggers TEE re-encryption (new owner gets access, old owner loses it)
- Clone creates a copy with re-encrypted data
- Authorize/revoke grants or removes read access
- Security score tracks survival rate across attacks
4. Oracle Consensus
- Multiple operators stake native 0G tokens
- Judgments require M-of-N confirmations before execution
- Incorrect judgments are slashed, honest operators earn rewards
- Active set: top N stakers by amount (max 50)
- 7-day unstake timelock
5. Three Challenge Modes
- Tournament: Attacker fees grow the prize pool (80% pool / 10% defender / 10% protocol)
- Bounty: Defender funds prize upfront, attacks are free
- Alignment: Reward per attempt for AI safety data collection
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Address: 0x8B16b1AF11B8b927290c6C69a24ed12002030eF0
Explorer: https://chainscan.0g.ai/address/0x8B16b1AF11B8b927290c6C69a24ed12002030eF0
Main registry contract. Creates Tournament, Bounty, and Alignment challenges. Manages fee collection, oracle wiring, and prize distribution. Each challenge deploys a separate escrow contract with commit-reveal game logic.
Address: 0x3a725eA9c69094550F6Df4C897400B9379d0aD83
Explorer: https://chainscan.0g.ai/address/0x3a725eA9c69094550F6Df4C897400B9379d0aD83
Companion factory for ERC-20 token challenges. Enables challenges denominated in any ERC-20 token via Wrapped0GBase integration.
Address: 0x535e47b2D4409Cab1AB1325BC6fC4C9F9ef106C1
Explorer: https://chainscan.0g.ai/address/0x535e47b2D4409Cab1AB1325BC6fC4C9F9ef106C1
Each challenge mints an intelligent NFT representing the AI agent. Implements ERC-7857 standard for NFTs with TEE-encrypted data. Supports transfer with re-encryption, cloning, authorization, and revocation. Tracks security metrics: total attempts, survival rate, breach status.
Address: 0xD1F2FA31E221EBeF13Fac259123aCd7B79C23018
Explorer: https://chainscan.0g.ai/address/0xD1F2FA31E221EBeF13Fac259123aCd7B79C23018
On-chain TEE proof verification for ERC-7857 operations. Maintains a registry of authorized TEE signers. Verifies ECDSA signatures from hardware enclaves. Replay protection via used proof tracking.
Address: 0x1c6838de56aDe21a8eEcd125b273F8cBF17f881f
Explorer: https://chainscan.0g.ai/address/0x1c6838de56aDe21a8eEcd125b273F8cBF17f881f
On-chain reputation tracking for both attackers and defenders. Records total attempts, successful breaches, challenges participated, total earnings, and win rates. Scores computed in basis points.
Address: 0x064378fdC30bF7f9A9B79D6f70e889384545b7A9
Explorer: https://chainscan.0g.ai/address/0x064378fdC30bF7f9A9B79D6f70e889384545b7A9
Decentralized oracle network via staking. Operators stake 0G tokens to participate in judgment validation. M-of-N confirmations required. Slashing for dishonest operators. 7-day unstake timelock.
Network: 0G Mainnet (Aristotle), Chain ID 16661
All contracts deployed and operational.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Frontend (TanStack Start + React 19)
> Smart Contracts (0G Chain)
> 0G Compute (TEE Sealed Inference)
> 0G Storage (KV + Log Layers)
> Backend API (Fastify 5 + Bun)
> PostgreSQL (Prisma ORM)
Key Properties:
- Trustless AI evaluation via hardware enclaves
- No off-chain judgment manipulation possible
- Fully transparent attack history and attestation
- Pull-over-push withdrawal pattern for prize distribution
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
0G Chain (Settlement)
- 6 smart contracts for challenge lifecycle, escrow, reputation, staking
- Native 0G token for prize pools, fees, and staking
- On-chain commit-reveal for anti-front-running
- TEE attestation anchoring
0G Compute (AI Inference)
- TEE sealed inference via @0glabs/0g-serving-broker SDK
- Tamper-proof AI evaluation (system prompt never exposed)
- Verifiable chatID attestation per evaluation
- Streaming SSE responses for real-time attack feedback
- Automatic fallback across multiple compute providers
- Fine-tuning job submission
0G Storage (Data Availability)
- KV Store: challenge configs, conversation histories, reputation snapshots
- Log Layer: encrypted attack archives, TEE attestations, alignment datasets
- ECIES encryption with oracle-derived keys
- Merkle proof verification for any stored data
- Alignment datasets published as public goods
ERC-7857 iNFT
- AI agents as on-chain transferable assets
- TEE re-encryption on transfer and clone
- Authorize/revoke read access to encrypted data
- Security score tracking per agent
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Traditional Bug Bounties InjectMe
Economic Incentives No Partial Yes (prize pools)
Verifiable Proof No No Yes (on-chain + TEE)
Trustless Evaluation No No Yes (TEE enclaves)
Continuous Testing No Yes Yes (timed challenges)
AI-Specific No No Yes (prompt injection)
On-Chain Settlement No No Yes (0G Chain)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
- Smart Contracts: Solidity 0.8.20 | OpenZeppelin | Foundry
- Frontend: TanStack Start | React 19 | Tailwind CSS 4 | HeroUI
- Backend: Fastify 5 | Bun | Prisma 7 | PostgreSQL
- Wallet: wagmi v3 | viem
- AI Inference: 0G Compute (TEE) | @0glabs/0g-serving-broker
- Storage: 0G Storage | @0gfoundation/0g-ts-sdk
- Chain: 0G Mainnet (Aristotle) | Chain ID 16661
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
- Frontend: https://inject-me.vercel.app
- Backend: https://injectme-production.up.railway.app
- GitHub: https://github.com/louissarvin/InjectMe
- Explorer: https://chainscan.0g.ai
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
InjectMe turns AI safety testing into a competitive arena with real economic stakes. By combining 0G Compute (TEE), 0G Storage (DA), and 0G Chain (settlement), every attack, judgment, and outcome is trustless, verifiable, and permanent. Break AI. Prove it on-chain. Earn rewards.
### Smart Contracts
- 6 Solidity contracts: ChallengeFactory, Challenge, AgentNFT (ERC-7857), TeeOracle, ReputationRegistry, OracleStaking
- 306 Foundry tests passing
- Deployed on 0G Mainnet (Aristotle, Chain ID 16661)
- 2 rounds of security audit fixes
### Backend
- Fastify 5 + Bun API server with 62 tests
- 0G Compute integration (TEE sealed inference with fallback providers)
- 0G Storage integration (KV + Log layers, ECIES encryption)
- Commit-reveal attack flow with anti-front-running
- Oracle consensus system (M-of-N confirmations)
- Background workers: event indexer, challenge expiry, fine-tuning monitor
- Deployed on Railway
### Frontend
- TanStack Start + React 19 with file-based routing
- wagmi v3 + viem for 0G Chain wallet connection
- Challenge creation (Tournament, Bounty, Alignment modes)
- Real-time attack interface with streaming responses
- ERC-7857 iNFT management (transfer, clone, authorize, revoke)
- TEE attestation verification page
- Leaderboard and player profiles
- Deployed on Vercel
### 0G Integration
- 0G Chain: Settlement layer for all economic activity (escrow, prizes, reputation, staking)
- 0G Compute: TEE sealed inference for tamper-proof AI evaluation
- 0G Storage: Permanent data availability with Merkle proofs (KV + Log)
- ERC-7857 iNFT: AI agents as transferable on-chain assets with TEE re-encryption
Not fundraised. InjectMe is a hackathon project built from scratch during the 0G Hackathon.