Proposal “Dash-Core-Group-Bug-Bounty-June“ (Completed)Back
| Title: | Dash Core Group Bug Bounty June 2021 |
| Owner: | glennaustin |
| One-time payment: | 75 DASH (1796 USD) |
| Completed payments: | 1 totaling in 75 DASH (0 month remaining) |
| Payment start/end: | 2021-05-14 / 2021-06-12 (added on 2021-05-13) |
| Votes: | 899 Yes / 28 No / 3 Abstain |
Proposal description
Dash Core Group May 28th Funding Proposals
DCG is submitting 3 funding proposals for the budget cycle that pays out May 28th:
1) DCG Compensation: 2,472 Dash per month (currently in month 1/3)
2) DCG Legal: 419 Dash (currently in month 1/1)
3) DCG Bug Bounty: 75 Dash (currently in month 1/1)
This Proposal
This proposal requests funding for the Bug Bounty Program and is cross-posted here
Bug bounty programs are especially important in cryptocurrency projects like Dash because they provide a financial incentive for developers to spend time scrutinizing our code for potential vulnerabilities or errors. This improves the quality and resilience of the network over time.
An official program aimed at discovering and resolving bugs before the general public is aware of such bugs helps prevent incidents of widespread abuse. The primary goal of the program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of our users. Hackers are incentivized to disclose hacks in a manner that is safe and discrete, instead of exploiting or selling hacks.
Another benefit is that it also can help attract potential developers to DCG that are interested in crypto. In fact, we have ended up hiring developers in the past whom we first interacted with through a bug report. And even if not resulting in a DCG team hire, such programs that engage the community can also help encourage 3rd party contributions (i.e. Find it - Fix it - Get paid more); this helps keep the DCG team focused on other mission critical activities.
In the past, 3rd party organizations have managed a bug bounty program for Dash; some of the advantages to having a DCG-managed bug bounty program are below:
If you have any questions, please direct them to @brianfoster in this post to ensure we are notified of your request.
Requested funding is as follows for the budget cycle paying out May 28th:
DCG is submitting 3 funding proposals for the budget cycle that pays out May 28th:
1) DCG Compensation: 2,472 Dash per month (currently in month 1/3)
2) DCG Legal: 419 Dash (currently in month 1/1)
3) DCG Bug Bounty: 75 Dash (currently in month 1/1)
This Proposal
This proposal requests funding for the Bug Bounty Program and is cross-posted here
Bug bounty programs are especially important in cryptocurrency projects like Dash because they provide a financial incentive for developers to spend time scrutinizing our code for potential vulnerabilities or errors. This improves the quality and resilience of the network over time.
An official program aimed at discovering and resolving bugs before the general public is aware of such bugs helps prevent incidents of widespread abuse. The primary goal of the program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of our users. Hackers are incentivized to disclose hacks in a manner that is safe and discrete, instead of exploiting or selling hacks.
Another benefit is that it also can help attract potential developers to DCG that are interested in crypto. In fact, we have ended up hiring developers in the past whom we first interacted with through a bug report. And even if not resulting in a DCG team hire, such programs that engage the community can also help encourage 3rd party contributions (i.e. Find it - Fix it - Get paid more); this helps keep the DCG team focused on other mission critical activities.
In the past, 3rd party organizations have managed a bug bounty program for Dash; some of the advantages to having a DCG-managed bug bounty program are below:
- DCG has been a trusted project team supporting the Dash network for 4 years
- Reported issues can be evaluated quicker than if there was a 3rd party involved
- There is less chance of a 3rd party publicly sharing reported bugs
- Mainnet
- Dash Core Desktop Wallet
- Dash Wallet Android
- Dash Wallet iOS
- API/SDK endpoints that are currently used by the above products
- API/SDK endpoints that were created/forked by DCG
- Reward pool for payouts (100% of the funding will be used for the reward pool)
- Administration, KYC, and accounting of payouts
- Maintenance of a dedicated website for guidelines and bug submissions
If you have any questions, please direct them to @brianfoster in this post to ensure we are notified of your request.
Requested funding is as follows for the budget cycle paying out May 28th:
- 70 Dash for bug bounty expenses ($24,500 USD @ $350 per Dash)
- 5 Dash proposal reimbursement
Show full description ...
Discussion: Should we fund this proposal?
Submit comment
|
No comments so far?
Be the first to start the discussion! |
However, note that in crypto, the bug bounty is the billion dollars in the DASH market cap, for example anyone that can exploit a bug that could see them gaining control of DASH they otherwise should not have will simply exploit it on mainnet and cash in big time. So, I generally see this as ineffective and not likely to discover bugs such as the RVNcoin inflation bug and two prior Bitcoin inflation bugs, one of which was leveraged. Also, the DASH you are setting aside for this is too small to interest any serious testers.