LEZ Lambda prize proposal from "Zones team"

README.md

@@ -7,19 +7,26 @@ A competitive prize framework for the Logos ecosystem. **λ**Prize targets contr
 All prizes live in the `[prizes/](prizes/)` directory. Each prize is a markdown file following the `LP-XXXX` naming convention.
 
 
-| File                         | Description                                              |
-| ---------------------------- | -------------------------------------------------------- |
-| [LP-0000](prizes/LP-0000.md) | Template — use this as the starting point for new prizes |
-| [LP-0001](prizes/LP-0001.md) | Private NFT Ownership Proof                              |
-| [LP-0002](prizes/LP-0002.md) | Private M-of-N Multisig                                  |
-| [LP-0003](prizes/LP-0003.md) | Private Allowlist / Airdrop Distributor                  |
-| [LP-0004](prizes/LP-0004.md) | Sealed-Bid Auction Using Shielded Balances               |
-| [LP-0005](prizes/LP-0005.md) | Private Token Balance Attestation                        |
-| [LP-0006](prizes/LP-0006.md) | Bitcoin–LEZ Atomic Swap Using Adaptor Signatures         |
-| [LP-0007](prizes/LP-0007.md) | Monero–LEZ Atomic Swap                                   |
-| [LP-0008](prizes/LP-0008.md) | Autonomous AI Module with Wallet, Storage, and Messaging |
-| [LP-0009](prizes/LP-0009.md) | Keycard NIP-46 Nostr Signer Proxy                        |
-| [LP-0010](prizes/LP-0010.md) | Shell dApp Integration Proof of Concept                  |
+| File                           | Description                                              |
+| ----------------------------   | -------------------------------------------------------- |
+| [LP-0000](prizes/LP-0000.md)   | Template — use this as the starting point for new prizes |
+| [LP-0001](prizes/LP-0001.md)   | Private NFT Ownership Proof                              |
+| [LP-0002](prizes/LP-0002.md)   | Private M-of-N Multisig                                  |
+| [LP-0003](prizes/LP-0003.md)   | Private Allowlist / Airdrop Distributor                  |
+| [LP-0004](prizes/LP-0004.md)   | Sealed-Bid Auction Using Shielded Balances               |
+| [LP-0005](prizes/LP-0005.md)   | Private Token Balance Attestation                        |
+| [LP-0006](prizes/LP-0006.md)   | Bitcoin–LEZ Atomic Swap Using Adaptor Signatures         |
+| [LP-0007](prizes/LP-0007.md)   | Monero–LEZ Atomic Swap                                   |
+| [LP-0008](prizes/LP-0008.md)   | Autonomous AI Module with Wallet, Storage, and Messaging |
+| [LP-0009](prizes/LP-0009.md)   | Keycard NIP-46 Nostr Signer Proxy                        |
+| [LP-0010](prizes/LP-0010.md)   | Shell dApp Integration Proof of Concept                  |
+| [LP-0011](prizes/LP-0011.md)   | Program development tooling                              |
+| [LP-0012](prizes/LP-0012.md)   | Event/Log mechanism                                      |
+| [LP-0013A](prizes/LP-0013A.md) | Token program improvements (authorities)                 |
+| [LP-0013B](prizes/LP-0013B.md) | Token program improvements (ATAs + wallet tooling)       |
+| [LP-0014](prizes/LP-0014.md)   | General cross-program calls via tail calls               |
+| [LP-0015](prizes/LP-0015.md)   | Bug bounty: Protocol vulnerabilities                     |
+| [LP-0016](prizes/LP-0016.md)   | Adversarial testing/ uzzing infrastructure               |
 
 
 ### Proposing a New Prize
@@ -62,4 +69,4 @@ at your option.
 
 Unless you explicitly state otherwise, any contribution intentionally submitted
 for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
-dual licensed as above, without any additional terms or conditions.
+dual licensed as above, without any additional terms or conditions.

prizes/LP-0011.md

@@ -0,0 +1,104 @@
+# LP-0011: Program development tooling: minimal Rust SDK for programs + CPI
+
+**`Logos Circle: <N/A>`**
+
+## Overview
+
+This prize funds a *minimal Rust SDK layer* that makes it materially easier to write LEZ programs while keeping program execution semantics explicit and auditable. The goal is to remove repetitive plumbing (entrypoints, instruction routing, byte parsing, basic account validation, CPI construction) so builders can focus on program logic.
+
+Unlike heavyweight frameworks, this SDK should stay close to idiomatic Rust: small surface area and predictable generated code. Attribute macros are acceptable if they only generate the unavoidable wiring and remain easy to inspect (e.g., via `cargo expand`). Rust supports attribute-like procedural macros for this kind of compile-time code generation.
+
+## Motivation
+
+Even trivial programs require a lot of manual boilerplate: entrypoint definitions, instruction enums, instruction decoding from raw bytes, CPI instruction construction, and repetitive validation patterns. This increases time-to-first-program, produces inconsistent conventions across repos, and introduces avoidable parsing/validation bugs.
+
+A competitive prize is a good mechanism here because multiple teams can propose different minimal designs and ergonomics trade-offs (how explicit the generated router is, how CPI is represented, how validation helpers are composed) and the ecosystem can adopt the cleanest, most maintainable approach without prematurely locking into a monolithic framework. (As a point of contrast, Solana’s Anchor demonstrates macro-based boilerplate reduction, but this prize explicitly targets a *lighter*, more explicit approach.)
+
+## Example 
+```rust
+#[LEZ_sdk::program]
+mod counter {
+
+    #[LEZ_sdk::function]
+    pub fn increment(account: AccountWithMetadata, amount: u64) -> Result<()> {
+        ...
+    }
+}
+```
+## Success Criteria
+
+- [ ] “Hello-world” program ergonomics: A reference `counter` program can be written with:   
+  - a single program module annotation (e.g., `#[LEZ_sdk::program]`), and
+  - per-instruction function annotations (e.g., `#[LEZ_sdk::function]`),
+  - and compiles on stable Rust.
+- [ ] Generated entrypoint + routing: The SDK generates a deterministic instruction router that:
+  - maps instruction discriminants to handler fns,
+  - performs byte decoding for handler arguments,
+  - returns consistent error codes/messages on malformed input.
+    The generated code must be inspectable/documented (include `cargo expand` output in `docs/` or `examples/`).
+- [ ] CPI abstraction: Provide a small CPI API that supports:
+  - building an instruction targeting another program,
+  - passing accounts + metadata explicitly,
+  - serialising arguments deterministically,
+  - invoking the runtime CPI entry (or equivalent) with clear error propagation.
+- [ ] No heavyweight “magic”: The SDK must *not* introduce a framework-style DSL. Specifically:
+  - no auto-generated account schemas/IDL,
+  - no hidden reflection-based dispatch,
+  - no implicit account fetching,
+  - no implicit mutation/authorisation rules.
+- [ ] Testing + examples: Include:
+  - unit tests for encoding/decoding and router correctness,
+  - at least *two* example programs, one demonstrating CPI (Program A calls Program B),
+  - negative tests for malformed instruction bytes / wrong account sets.
+- [ ] Documentation: A concise “Getting Started” plus a “Design” doc explaining:
+  - instruction encoding format,
+  - how routing is generated,
+  - CPI construction,
+  - extension points (how future features would be added without bloat),
+  - explicit non-goals.
+
+## Scope
+
+### In Scope
+
+- Minimal Rust crates (e.g., `LEZ-sdk` + optional `LEZ-sdk-macros`) that:
+  - reduce entrypoint boilerplate,
+  - provide explicit instruction routing and argument decoding,
+  - provide CPI helpers with explicit account lists,
+  - provide light validation helpers (e.g., common checks expressed as library functions, not “framework rules”).
+- Clear, deterministic instruction encoding and decoding utilities.
+- Developer tooling guidance (e.g., recommended `cargo expand` workflow and debug logging conventions).
+
+### Out of Scope
+
+- Full frameworks comparable to Anchor (e.g., account derive systems, auto validation rule engines, IDL generation, client codegen).
+- Complex macro DSLs that substantially change how Rust code is written.
+- Wallet/client SDKs (TypeScript, Python, etc.) and off-chain tooling.
+- Runtime changes to LEZ (this prize is strictly a Rust SDK layer).
+
+## Prize Structure
+
+- **Total Prize:** $TBD
+- **Next Planned Revision Date:** TBD
+
+
+## Eligibility
+
+Open to any individual or team. Submissions must be original work. Teams must hold the rights to all submitted code and agree to license it under MIT or Apache-2.0.
+
+## Submission Requirements
+
+- A public repository containing:
+  - the SDK crate(s),
+  - examples (`counter`, plus a CPI example),
+  - documentation (`README.md` + `docs/design.md` or equivalent),
+  - tests (CI runnable via `cargo test`).
+- Clear versioning and a minimal changelog.
+- If any macros are used, include a section documenting what each macro expands into and why it is necessary (Rust procedural macros execute at compile time and should be treated with the same care as build scripts)
+## Evaluation Process
+
+By default, submissions are evaluated first-come-first-served against the success criteria. The first submission that meets **all** criteria wins.
+
+## Resources
+
+- [LEZ Github repository](https://github.com/logos-blockchain/lssa)

prizes/LP-0012.md

@@ -0,0 +1,103 @@
+# LP-0012: Event/Log mechanism: Structured events for LEZ program execution
+
+**`Logos Circle: <N/A>`**
+
+## Overview
+This prize is for designing and implementing a *structured event system* that lets LEZ programs emit events describing what happened during execution in a way that is both *human-interpretable* (debugging, wallet UX) and *machine-readable* (indexers, explorers, apps). Events must be retrievable by clients after execution and must still be emitted even when a transaction fails.
+
+Other ecosystems demonstrate the value of making execution metadata available to clients: Solana exposes per-transaction `meta.logMessages` (alongside `meta.err`) via RPC, which is widely used for debugging. Cosmos SDK treats events as a first-class client interface for explorers and wallets, returning structured type/attribute events in ABCI results rather than storing them in state.
+
+## Motivation
+Currently, program-level feedback is too limited for good UX and tooling: developers and users struggle to understand *why* execution failed, indexers cannot reliably classify activity, and explorers/wallets cannot provide meaningful post-transaction narratives.
+
+A prize is appropriate because there are multiple plausible designs with important trade-offs (format/encoding, namespacing, ordering, size limits, failure semantics, privacy considerations). We want builders to propose and implement competing approaches, then adopt the one that is simplest, robust, and most indexer-friendly.
+
+## Example 
+```rust
+fn main() {
+    let (
+        ProgramInput {
+            pre_states,
+            instruction: Withdraw { amount },
+        },
+        instruction_data,
+    ) = read_nssa_inputs::<Instruction>();
+
+    let [pre_state] = pre_states.try_into().unwrap();
+
+    let balance = read_balance(&pre_state.account);
+
+    if balance < amount {
+        // <<<<<< EVENT HERE
+        emit_event(InsufficientFunds {
+            account: pre_state.account.address,
+            requested: amount,
+            available: balance,
+        });
+
+        panic!("Insufficient funds");
+    }
+
+    write_nssa_outputs(instruction_data, vec![pre_state], vec![post_state]);
+}
+```
+
+## Success Criteria
+
+- [ ] Event API for programs: Provide a Rust-facing API usable inside LEZ programs, e.g. `emit_event(MyEvent { ... })`, that supports emitting typed events with structured fields.
+- [ ] Machine-readable format: Events are encoded deterministically with:
+  - stable versioning,
+  - stable ordering,
+  - explicit program attribution (e.g., `program_id` included or enforced by runtime),
+  - and a documented schema strategy (e.g., discriminant + bytes payload; or key-value attributes with ordering).
+- [ ] Human-friendly rendering: Provide a reference decoder/formatter that renders events into a readable form (CLI output or JSON) for debugging.
+- [ ] Available post-execution: After transaction execution, clients can retrieve emitted events via a documented interface (e.g., tx receipt / RPC / block data access).
+- [ ] Emittable on failure: If a transaction fails (program aborts / returns error), events emitted prior to failure are still available to clients (i.e., not discarded with state reversion).
+- [ ] Testing: Include tests covering:
+  - deterministic encoding/decoding,
+  - event ordering,
+  - size-limit behaviour,
+  - failure-path persistence (“emit then fail” still returns events).
+
+## Scope
+
+### In Scope
+- A clear event model (record structure, attribution rules, encoding).
+- Rust SDK hooks for emitting events from programs (public and, where relevant, privacy-preserving execution environments).
+- Runtime/sequencer integration sufficient to make events retrievable after execution and to preserve them in failure cases.
+- Decoder tooling and documentation for clients/indexers.
+
+
+### Out of Scope
+- A full hosted explorer, production indexer stack, or managed data service.
+- Heavy, framework-wide “magic” (auto-generated IDLs, large macro DSLs) not necessary for event emission.
+- Privacy-leaking defaults: designs must be explicit about what is emitted and what is safe to emit (especially for private execution), but this prize does not require solving private analytics beyond sensible defaults.
+
+
+## Prize Structure
+
+- **Total Prize:** $TBD
+- **Next Planned Revision Date:** TBD
+
+
+## Eligibility
+
+Open to any individual or team. Submissions must be original work. Teams must hold the rights to all submitted code and agree to license it under MIT or Apache-2.0.
+
+## Submission Requirements
+- Public repository containing:
+  - implementation (SDK + any runtime/sequencer glue),
+  - event format specification (`docs/event-format.md`),
+  - decoder/formatter tool (CLI or library),
+  - at least one example program demonstrating:
+    - success-path events,
+    - failure-path events (emit then fail),
+  - reference indexer example (can be minimal).
+
+## Evaluation Process
+
+By default, submissions are evaluated first-come-first-served against the success criteria. The first submission that meets **all** criteria wins.
+
+## Resources
+
+- [LEZ Github repository](https://github.com/logos-blockchain/lssa)

prizes/LP-0013A.md

@@ -0,0 +1,65 @@
+# LP-0013: Token program improvements: authorities
+
+**`Logos Circle: <N/A>`**
+
+## Overview
+This prize targets practical, production-oriented improvements to the LEZ Token program to support controlled, real-world token issuance. The current example is intentionally minimal; this challenge focuses on adding a mint authority model that enables variable supply, revocable control, and common issuance patterns expected by wallets and applications.
+
+[Solana’s SPL Token ecosystem](https://solana.com/docs/tokens/basics/create-token-account) is a useful reference point: it supports authority-controlled minting, enabling fixed supply, capped supply, permissioned minting, and revocation.
+
+## Motivation
+Without minting authorities,token issuers cannot implement widely used supply models:
+- fixed supply tokens (mint authority revoked),
+- variable or inflationary supply,
+- permissioned issuance,
+- governance-controlled minting.
+
+Adding a clean authority model enables the ecosystem to support real economic use cases while preserving minimalism and auditability.
+
+
+## Success Criteria
+- [ ] Variable-size Tokens through minting authority: Implement a mint authority model for LEZ tokens that supports:
+  - mint authority set at token initialization,
+  - minting by the authority,
+  - authority rotation and/or revocation (e.g., set to `None` to make supply fixed).
+- [ ] Documentation and examples: Provide:
+  - at least *two* example integrations (e.g., “fixed supply token with revoked authority” and “variable supply token with mint authority”).
+
+## Scope
+
+
+### In Scope
+- Mint authority (and optionally freeze authority if proposed, but not required).
+- Clear specifications for authority semantics.
+- Minimal, auditable implementation with strong tests.
+
+### Out of Scope
+- A full-featured token standard with numerous optional extensions.
+- Complex compliance systems, fee mechanics, or DEX integration.
+
+## Prize Structure
+
+- **Total Prize:** $TBD
+- **Next Planned Revision Date:** TBD
+
+
+## Eligibility
+
+Open to any individual or team. Submissions must be original work. Teams must hold the rights to all submitted code and agree to license it under MIT or Apache-2.0.
+
+## Submission Requirements
+- Public repository containing:
+  - code changes to the token program,
+  - `README` + design docs (authority model and lifecycle),
+  - tests and example programmes/scripts.
+
+## Evaluation Process
+
+By default, submissions are evaluated first-come-first-served against the success criteria. The first submission that meets **all** criteria wins.
+
+## Resources
+
+- [LEZ Github repository](https://github.com/logos-blockchain/lssa)
+- [Solana - Create a Token Account](https://solana.com/docs/tokens/basics/create-token-account)
+- [Solana - Token Extensions](https://solana.com/docs/tokens/extensions)
+- [Solana - Set Authority](https://solana.com/docs/tokens/basics/set-authority)