InjectMe: AI Adversarial Red-Teaming Arena on 0G Chain

0G APAC Hackathon 2026

BUILT ON 0G Mainnet NETWORK

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

EXECUTIVE SUMMARY

InjectMe is an AI adversarial red-teaming arena that turns prompt injection attacks into a competitive, economically incentivized game on 0G Chain.

Defenders deploy AI agents with hidden system prompts and fund prize pools. Attackers pay per attempt to break the AI through prompt injection. If an attacker cracks the agent, they claim the prize pool. If nobody succeeds, the defender keeps everything.

Every judgment runs inside a Trusted Execution Environment via 0G Compute, every result is permanently stored on 0G Storage, and every settlement happens on 0G Chain. AI agents are represented as ERC-7857 iNFTs that can be transferred, cloned, and traded with TEE re-encryption.

Status:

Functional MVP | Live on 0G Mainnet (Aristotle) | 6 contracts deployed | Full frontend + backend

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

PROBLEM > SOLUTION

Problems in AI Safety Testing

- No Economic Incentives

Red-teaming is manual, expensive, and inconsistent. Testers have no financial motivation to find vulnerabilities.

- No Verifiable Proof

There is no on-chain record that an AI system was adversarially tested before deployment.

- Centralized Trust

AI evaluations rely on the operator's honesty. Results can be manipulated or hidden.

- Static Testing

Traditional audits are one-time snapshots. AI agents evolve, but testing does not.

InjectMe Solution

- Incentivized Red-Teaming

Attackers earn real rewards for finding vulnerabilities. Defenders earn fees from failed attempts.

- On-Chain Proof of Testing

Every attack attempt, judgment, and outcome is recorded on 0G Chain with TEE attestation.

- Trustless Evaluation

All AI inference runs inside TEE via 0G Compute. Neither party can observe or manipulate the process.

- Continuous Testing

Challenges run for hours, days, or weeks. Agents are battle-tested continuously, not just once.

Market Opportunity:

- Global AI safety and red-teaming market growing rapidly

- No existing on-chain adversarial testing platform

- Applicable to any LLM: customer service bots, coding assistants, financial advisors

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

TECHNICAL INNOVATION

1. TEE Sealed Inference (Core Innovation)

- AI evaluation runs inside hardware enclaves via 0G Compute

- System prompts are never exposed to attackers or validators

- Each evaluation produces a verifiable chatID with cryptographic attestation

- Fallback provider system: if primary fails, automatically tries all available providers

2. Commit-Reveal Anti-Front-Running

- Attacker commits keccak256(message, salt, attacker) on-chain

- Backend processes the actual message via TEE

- Oracle reveals result with revealAndRecord()

- 5-minute reveal window prevents miners from front-running results

3. ERC-7857 iNFT Agents

- Each challenge mints an intelligent NFT representing the AI agent

- Encrypted system prompt stored with AES-256-GCM

- Transfer triggers TEE re-encryption (new owner gets access, old owner loses it)

- Clone creates a copy with re-encrypted data

- Authorize/revoke grants or removes read access

- Security score tracks survival rate across attacks

4. Oracle Consensus

- Multiple operators stake native 0G tokens

- Judgments require M-of-N confirmations before execution

- Incorrect judgments are slashed, honest operators earn rewards

- Active set: top N stakers by amount (max 50)

- 7-day unstake timelock

5. Three Challenge Modes

- Tournament: Attacker fees grow the prize pool (80% pool / 10% defender / 10% protocol)

- Bounty: Defender funds prize upfront, attacks are free

- Alignment: Reward per attempt for AI safety data collection

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

SMART CONTRACTS (0G MAINNET)

ChallengeFactory

Address: 0x8B16b1AF11B8b927290c6C69a24ed12002030eF0

Explorer: https://chainscan.0g.ai/address/0x8B16b1AF11B8b927290c6C69a24ed12002030eF0

Main registry contract. Creates Tournament, Bounty, and Alignment challenges. Manages fee collection, oracle wiring, and prize distribution. Each challenge deploys a separate escrow contract with commit-reveal game logic.

ChallengeFactoryERC20

Address: 0x3a725eA9c69094550F6Df4C897400B9379d0aD83

Explorer: https://chainscan.0g.ai/address/0x3a725eA9c69094550F6Df4C897400B9379d0aD83

Companion factory for ERC-20 token challenges. Enables challenges denominated in any ERC-20 token via Wrapped0GBase integration.

AgentNFT (ERC-7857 iNFT)

Address: 0x535e47b2D4409Cab1AB1325BC6fC4C9F9ef106C1

Explorer: https://chainscan.0g.ai/address/0x535e47b2D4409Cab1AB1325BC6fC4C9F9ef106C1

Each challenge mints an intelligent NFT representing the AI agent. Implements ERC-7857 standard for NFTs with TEE-encrypted data. Supports transfer with re-encryption, cloning, authorization, and revocation. Tracks security metrics: total attempts, survival rate, breach status.

TeeOracle

Address: 0xD1F2FA31E221EBeF13Fac259123aCd7B79C23018

Explorer: https://chainscan.0g.ai/address/0xD1F2FA31E221EBeF13Fac259123aCd7B79C23018

On-chain TEE proof verification for ERC-7857 operations. Maintains a registry of authorized TEE signers. Verifies ECDSA signatures from hardware enclaves. Replay protection via used proof tracking.

ReputationRegistry

Address: 0x1c6838de56aDe21a8eEcd125b273F8cBF17f881f

Explorer: https://chainscan.0g.ai/address/0x1c6838de56aDe21a8eEcd125b273F8cBF17f881f

On-chain reputation tracking for both attackers and defenders. Records total attempts, successful breaches, challenges participated, total earnings, and win rates. Scores computed in basis points.

OracleStaking

Address: 0x064378fdC30bF7f9A9B79D6f70e889384545b7A9

Explorer: https://chainscan.0g.ai/address/0x064378fdC30bF7f9A9B79D6f70e889384545b7A9

Decentralized oracle network via staking. Operators stake 0G tokens to participate in judgment validation. M-of-N confirmations required. Slashing for dishonest operators. 7-day unstake timelock.

Network: 0G Mainnet (Aristotle), Chain ID 16661

All contracts deployed and operational.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

ARCHITECTURE

Frontend (TanStack Start + React 19)

> Smart Contracts (0G Chain)

> 0G Compute (TEE Sealed Inference)

> 0G Storage (KV + Log Layers)

> Backend API (Fastify 5 + Bun)

> PostgreSQL (Prisma ORM)

Key Properties:

- Trustless AI evaluation via hardware enclaves

- No off-chain judgment manipulation possible

- Fully transparent attack history and attestation

- Pull-over-push withdrawal pattern for prize distribution

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

0G ECOSYSTEM INTEGRATION

0G Chain (Settlement)

- 6 smart contracts for challenge lifecycle, escrow, reputation, staking

- Native 0G token for prize pools, fees, and staking

- On-chain commit-reveal for anti-front-running

- TEE attestation anchoring

0G Compute (AI Inference)

- TEE sealed inference via @0glabs/0g-serving-broker SDK

- Tamper-proof AI evaluation (system prompt never exposed)

- Verifiable chatID attestation per evaluation

- Streaming SSE responses for real-time attack feedback

- Automatic fallback across multiple compute providers

- Fine-tuning job submission

0G Storage (Data Availability)

- KV Store: challenge configs, conversation histories, reputation snapshots

- Log Layer: encrypted attack archives, TEE attestations, alignment datasets

- ECIES encryption with oracle-derived keys

- Merkle proof verification for any stored data

- Alignment datasets published as public goods

ERC-7857 iNFT

- AI agents as on-chain transferable assets

- TEE re-encryption on transfer and clone

- Authorize/revoke read access to encrypted data

- Security score tracking per agent

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

COMPETITIVE ADVANTAGE

Traditional Bug Bounties InjectMe

Economic Incentives No Partial Yes (prize pools)

Verifiable Proof No No Yes (on-chain + TEE)

Trustless Evaluation No No Yes (TEE enclaves)

Continuous Testing No Yes Yes (timed challenges)

AI-Specific No No Yes (prompt injection)

On-Chain Settlement No No Yes (0G Chain)

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

TECHNOLOGY STACK

- Smart Contracts: Solidity 0.8.20 | OpenZeppelin | Foundry

- Frontend: TanStack Start | React 19 | Tailwind CSS 4 | HeroUI

- Backend: Fastify 5 | Bun | Prisma 7 | PostgreSQL

- Wallet: wagmi v3 | viem

- AI Inference: 0G Compute (TEE) | @0glabs/0g-serving-broker

- Storage: 0G Storage | @0gfoundation/0g-ts-sdk

- Chain: 0G Mainnet (Aristotle) | Chain ID 16661

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

DEPLOYMENT

- Frontend: https://inject-me.vercel.app

- Backend: https://injectme-production.up.railway.app

- GitHub: https://github.com/louissarvin/InjectMe

- Explorer: https://chainscan.0g.ai

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

InjectMe turns AI safety testing into a competitive arena with real economic stakes. By combining 0G Compute (TEE), 0G Storage (DA), and 0G Chain (settlement), every attack, judgment, and outcome is trustless, verifiable, and permanent. Break AI. Prove it on-chain. Earn rewards.