How Does Truebit Work?

Interactive verification game: task givers submit computations, solvers execute off-chain, verifiers can challenge results

Truebit's core mechanism uses game-theoretic verification where solvers execute computations off-chain and verifiers can challenge incorrect results through interactive dispute resolution. Novel when launched in 2017.

TRU token purchase/sell via bonding curve with _getPurchasePrice() pricing function

Custom bonding curve for TRU minting and redemption. The _getPurchasePrice() function contained the integer overflow vulnerability exploited in January 2026 due to unprotected addition in Solidity 0.6.10.

Solver deposits and slashing for incorrect computation results

Solvers must post deposits that are slashed if their computation is proven incorrect via the verification game. Standard staking/slashing pattern.

Task fees paid by task givers for off-chain computation execution

Task givers pay fees in TRU/ETH for computation tasks. Fee model is straightforward fixed-fee-per-task.

Jackpot incentive: forced errors to incentivize verifier participation

Truebit introduces intentional 'forced errors' by solvers to ensure verifiers have economic incentive to stay active. Without forced errors, rational verifiers would stop checking since correct computations dominate. Novel incentive design.

Cross-chain computation orchestration across Ethereum, Avalanche, Arbitrum

Truebit claims to orchestrate computation workflows across multiple chains from a single interface. Cross-chain state reading and execution adds bridge dependency.

The bonding curve's _getPurchasePrice() used SafeMath for multiplication but native + for addition in Solidity 0.6.10 (pre-overflow-protection). An attacker inputted amount=240,442,509 TRU causing v9+v12 to overflow uint256, pricing the purchase at 0 ETH, then sold the free-minted TRU for 8,535 ETH ($26.4M).

The exploited contract was deployed in 2021 with no public record of a third-party audit. The integer overflow vulnerability went undetected for nearly 5 years despite being a well-known Solidity anti-pattern.

The forced error mechanism requires sufficient verifier participation to function. With near-zero token value and no economic incentive, the verification game has no active participants, making the compute verification protocol non-functional.

Cross-chain computation workflows add attack surface. If the core Ethereum contracts are compromised (as demonstrated), cross-chain deployments on Avalanche and Arbitrum may share the same vulnerable code patterns.

The bonding curve and DEX pools provided dual liquidity venues. Post-exploit, both are drained: the bonding curve was exploited directly, and DEX LPs exited as TRU went to near-zero. No recovery path exists without a full contract redeploy.