Exploits are already developed prior to the event. It's not a CTF where one can reasonably be expected to find and develop an exploit during the contest. Players get limited time to tweak what they've got in case it doesn't work, but that's it.
Well, my understanding is that there's a submission then various teams are apprised and given x hours to complete, where x would obviously be greater than twenty-four, and not necessarily handled in one setting, such that there'd be a 'reveal' disclosing successful contestants. So it looks like I wasn't mistaken there.
But that still does not address the matter of rigging and whether Pwn2Own has clear rules against it. I don't know, which is why I asked.
Prior to the "contest" beginning everyone participating has to disclose what they have 0day for. In cases where more than 1 person brings 0day for a particular target then they will attack it in turn. The order they get to go in is random. When it's someone's turn they get like 5 minutes to exploit the target. If they can't do it then it's the next person's turn. Whoever exploits it first wins. So if you have 2 people each with a reliable exploit for the same vuln in the same target then who wins is really decided by the coin toss. But let's not forget what this really is: vulnerability sales. So if there's 2 different vulns in the same target then probably the sponsor is going to want to buy them both anyway.
What is it that you mean by rigging? The main point of the event is that sellers feel safe exposing their warez. The rules are clear, they're going to get paid if they have what they say that have. The sponsors get to buy the 0day and know it's real and they're not getting ripped off. And it's all in the open and everyone gets good press.
Guessing just already-successful firms / personalities that want to win Tesla pen-testing contracts in the future?
Or has Tesla released binary blobs of their firmware systems online?