Proof that it
actually happened.

The first on-chain engine that proves a real-world action occurred at a specific coordinate, in a specific slot, on a specific device - using hardware attestation and zero-knowledge. No video to fake. No human to bribe. The code decides.

Explore bounties How verification works

Sub-second on-chain verificationZero personal data published

Proof of physical action

physical_action_v2

Verified

Secure Enclave

0x98b82fdbe135e303b6

GPS Lock

0xe315dc2c23c9955f5a

Sensor Fusion

0x700efbc8494923f1e3

Slot Binding

0x19188217f54d171bd3

coordinate−3.46531, −54.72330

geofenceinside · ±120m

settled slot#·········

Reward released42 SOL

Live bountiesopen for submissions

$570.1K

Rewards in escrow

433ms

Avg verificationon-chain settlement

Attestation layersper proof

Human reviewersthe code decides

One verifier for every kind of real-world action

Environmental monitoringInfrastructure auditsDisaster responseCivic & public worksSupply-chain deliveryField researchWildlife conservationCarbon-credit verificationEnvironmental monitoringInfrastructure auditsDisaster responseCivic & public worksSupply-chain deliveryField researchWildlife conservationCarbon-credit verification

The fatal flaw

Every bounty for a physical action
dies at verification.

Reward someone for doing something in the real world and you inherit the oldest problem in trust: proving it actually happened. The entire industry still answers that question by having a human squint at a photo.

Human verification

today

A human watches a video and makes a judgment call
Screenshots, stock footage, and stolen content pass review
AI-generated and deepfaked media is indistinguishable
Reviewers can be bribed; platforms can be captured
No proof of where or when it actually happened

ZK-attestation oracle

zkbounty

The on-chain program decides - deterministically, every time
Capture is bound to a secure-enclave hardware signature
Re-encoded or synthetic media fails sensor provenance
No reviewer exists to bribe; logic is public and immutable
Coordinate + slot hash prove exactly where and when

The pipeline

From a real-world moment to an on-chain payout

Five stages turn a physical action into a cryptographic fact. The hunter never exposes who they are - only that the criteria were met.

Capture

The hunter records the action through the SDK. Raw camera sensor data, IMU, and barometric altitude are read directly from the device - never a gallery upload.

sdk.capture()

Attest

The secure enclave signs the raw metadata with a hardware-bound key. GPS is locked across multiple constellations and the current Solana slot hash is folded in.

ed25519_enclave

Strip

Every personal identifier - device IDs, faces, exact identity - is removed before anything leaves the device. Only the facts the bounty needs survive.

redact(pii)

Prove

A succinct zero-knowledge proof is generated: it asserts the attestations matched the bounty parameters - coordinate, slot window, device class - revealing nothing else.

physical_action_v2

Settle

The on-chain verifier program checks the proof against the bounty in a single transaction. Match → escrow releases. No match → funds stay locked. No human in the loop.

verify_and_pay()

Why it holds

Trust rooted in silicon, not in someone's good word

Each layer of the proof closes a specific avenue for fraud. Together they make a fabricated submission computationally infeasible - not merely against policy.

Un-spoofable place & time

A multi-constellation GPS lock pins the action to a coordinate inside the bounty geofence. The current Solana slot hash makes the timestamp impossible to backdate - the proof is bound to a moment that did not yet exist when the bounty was posted.

lat-3.46531

lng-54.72330

geofenceinside · ±120m

slot#·········

slot hash

783f403404789a594aee1009f116ee9026da6fa3ab11580e3517643fb61be271

haversine ≤ radiusslot ∈ windowmulti-band lock

Hardware-rooted attestation

The capture is signed inside the device's secure enclave with a key that never leaves the chip. Tampered or rooted devices fail integrity checks at the source.

Privacy-preserving by construction

PII is stripped before proving. The chain learns the criteria were met - never who met them, what device they used, or anything beyond the bounty's question.

Programmable verification

Bounty criteria compile to an on-chain verifier program. The same logic runs for every submission, forever - auditable, immutable, and impossible to override.

Sensor provenance

Camera and IMU signatures expose re-encoded, screen-recorded, or synthetically generated media. Deepfakes don't carry a genuine sensor fingerprint.

Live network

Watch the oracle settle reality in real time

Every line is a physical action being proven and paid - a charger commissioned, a delivery confirmed, a forest defended - each bound to a Solana slot and verified without a single human review.

Open the network monitor

Verification streammainnet-beta

delta.scout.c0 proof verified

Public mural completion verification

4.20SOL

#353,426,120

flux.proof.0b proof submitted

Endangered species sighting log - Snow Leopard

live

#353,425,822

silent.spectre.a9 proof verified

Reforestation grant - sapling verification