PRT Honeypot 🍯, now secured by Cartesi’s PRT (Permissionless Refereed Tournaments) fraud-proof system, is live on Ethereum Mainnet as the first Cartesi Rollup application with built-in fraud-proof security.
Remember the challenge? Try hacking it and you could win the CTSI prize pot, with the pool continuing to grow. The first deposit will be made in the coming days, marking the beginning of the funding phase and drawing in potential hackers. If you’re a developer, jump into the updated Honeypot GitHub repository, now enhanced with the PRT mechanism, and start exploring the application. Not a coder? No worries, just follow along and see if anyone manages to crack it.
You might recall the previous Honeypot launched in September 2023, which marked the mainnet readiness of Cartesi’s appchain framework. So what’s new this time? This version is secured by PRT, Cartesi’s first fraud-proof system implementation (Dave will follow later), and it's intended to propel Cartesi into the Stage 2 Rollups category. Read more about L2Beat’s Stage 2 categorization here.
Cartesi has employed the Honeypot tactic to rigorously test the initial release of Cartesi Rollups, using the previous application to push the boundaries of security validation. To date, there is no known solution that breaches the system. This consistent testing has reinforced confidence in the Rollup logic's robustness and security integrity.
Building on this proven foundation, a new Honeypot has been launched to put the PRT fraud-proof system originally presented in the PRT Research Paper published in December 2022 to the test. The newly launched Honeypot now leverages this fraud-proof system to provide enhanced security guarantees, raising the bar for decentralized rollups.
The addition of the PRT fraud-proof system and the new node brings the benefit, from a user perspective, of enabling active participation in the appchain. Previously, nodes operated under an authority consensus model, meaning only one node runner decided the computation results while the others simply reproduced them.
Now, any node can challenge the correctness of computations and executions, creating a fully trustless solution where users play a key role. Honest users inherently help guarantee the integrity of the entire appchain, since anyone can run their own node to validate the PRT Honeypot. Instructions on how to do so can be found here.
PRT is Cartesi’s first approach (next up, Dave) to solving this core challenge: verifying state transitions in a permissionless, decentralized way that resists Sybil attacks, without requiring massive resources or trust assumptions. Instead of committing only to a final state, PRT requires participants to commit to the entire computation path via computation hashes. This enables it to catch lies anywhere in the process, not just liars.
PRT resolves disputes through a bracket-style tournament, allowing validators to team up and efficiently eliminate half of the false claims round by round. Thanks to this design, honest validators perform only logarithmic work over logarithmic time, requiring just modest computing power even against large-scale Sybil attacks.
This upgrade makes the Honeypot a robust testbed for Stage 2 rollup security, aligning Cartesi with the latest industry standards and raising the bar in decentralized dispute resolution. Read more about Cartesi’s PRT fraud proof mechanism here.
In cybersecurity, a honeypot is a decoy system designed to lure attackers and analyze hacking attempts.
Cartesi’s Honeypot application is a real-world challenge based on this concept. Think of it like a treasure hunt with no map: if you hack it, you get the prize, no strings attached.
This approach reveals a dual objective: setting a financial benchmark for secure asset management and providing a gamified battlefield for the community to help audit and test Cartesi Rollups.
Unlike bug bounty programs or Capture the Flag contests, Honeypot’s winners simply figure out how to withdraw funds directly from a smart contract running on Cartesi Rollups V2. There’s no known solution yet, and so far, the Rollup logic’s security remains solid.
At its core, Honeypot only allows a specific Cartesi depositor account to withdraw funds. The hacker’s challenge is to break that code and move the funds to their own account.
Check out the Cartesi Rollups documentation and start brainstorming.
The initial prize for this Honeypot is set at $1,000 in CTSI, with the deposit scheduled to be made as soon as final tests are completed. Currently, the economic model is not yet implemented, so delay attacks remain possible, making it unsuitable for large TVLs. This design reflects the milestone objective of establishing Cartesi as a Stage 2 Rollups solution in line with L2Beat's standards (still under review at the time of writing). However, as the system evolves, the pot is expected to grow progressively with compound allocations from the Cartesi Foundation, while the previous version of the Honeypot, which holds 1,772,889 CTSI, is phased out.
The winner claims the funds. Cartesi then analyzes the breach, patches it, and launches a new Honeypot to keep testing and strengthening the core technology secured by the PRT fraud-proof system.
Uncovering potential vulnerabilities encourages continuous improvement and innovation in our infrastructure design, and we'll appreciate the engagement in this experiment as well as any successful breach of the PRT Honeypot.
Dive in! Check the Honeypot GitHub repo to explore the application and get ready for hacking, or follow our social channels to stay updated with the latest on the first Cartesi Rollup application with built-in fraud-proof security.
Good luck, and may the sharpest minds enjoy some honey!
Subscribe to the newsletter to keep up with new episodes and Cartesi developments
Discover the key benefits this collaboration will bring and explore some of the early projects already leveraging this integration to build truly innovative dApps.
Written By Marketing Unit
Your go-to guide to understanding what Cartesi brings to developers.
Written By Marketing Unit
Everything you need to know to start building on Cartesi
Written By Marketing Unit
© 2025 The Cartesi Foundation. All rights reserved.
