Oasis TEE Break Challenge

Summary

• One wBTC is locked in a Sapphire smart contract, anyone who hacks it can keep the funds
• The only way to win is to break the TEE and extract the key, smart contract exploits are blocked
• This is a security test on a live network, running until the end of 2025, all standard defenses active

Oasis has launched a security challenge to demonstrate confidence in Sapphire, our TEE-based confidential EVM network. We've deployed a smart contract on Sapphire that controls one Bitcoin (wBTC), held at the Ethereum address listed below. 

Unlike traditional bug bounties with reporting and triage processes, this is an open challenge: anyone who can extract the funds through any means can keep them. The bounty is designed to test the fundamental security of TEEs in a real-world environment.

Proof in Practice 

Recent research demonstrated hardware-level exploits targeting SGX enclaves with deterministic memory encryption, impacting several TEE-based blockchain networks. Oasis was built with these types of threats in mind and, as a result, was unaffected. 

Sapphire uses SGX v1, which does not employ this type of encryption. We also employ a defense-in-depth approach designed to mitigate these exact risks.

However, the broader conversation about TEE security prompted questions about the fundamental viability of confidential computing in blockchain environments. Rather than talking, we're demonstrating our confidence through action. 

Technical Details

For this challenge, a Sapphire smart contract (deployed here: 0xc1303edbFf5C7B9d2cb61e00Ff3a8899fAA762B8) generates a cryptographic keypair entirely within the enclave using Sapphire's secure randomness. 

The private key never leaves the TEE, there is no function to extract it, no off-chain generation, nothing. The contract derives an Ethereum address from this key and exposes only the public address: 0xCEAf9abFdCabb04410E33B63B942b188B16dd497, where the wBTC now sits.

The Sapphire contract acts as a custodial wallet. All transaction signing occurs inside the TEE when the authorized owner requests a withdrawal.

The design eliminates traditional attack vectors: withdrawal destinations are hardcoded (even a compromised owner account can only return funds to Oasis's multi-sig vault), and authentication requires sign-in with Ethereum (SIWE) verification with all transaction signing using Sapphire's cryptographic primitives inside the enclave.

This means if the BTC disappears through any unauthorized means, it proves someone extracted the private key from the TEE - evidence of a TEE compromise rather than a smart contract exploit.

Rules & Parameters 

This bounty has already generated over 250k views and caught the attention of Ethereum security researchers, hardware hacking communities, and more. The full contract source code is publicly verified and viewable directly through the Oasis Explorer.

The intent is to challenge production Sapphire Mainnet with all our standard security protections active, including: ephemeral key rotation, restricted compute committee membership, enhanced key manager node safeguards, and ongoing CPU controls. The bounty isn't a controlled experiment - it tests real security with real economic value at risk.

The challenge is time-bound, running from now until the end of 2025. This provides a window of opportunity for anyone who believes they can break Sapphire's confidential computing guarantees. For any questions, please join our Discord.