Last updated 5 months ago
The Cardano ecosystem lacks ways to improve code security through community-driven bug bounty audits.
This is the total amount allocated to Bug Bounty Platform - Cardano Community-Led Security. 3 out of 4 milestones are completed.
1/4
Basic setup, first clickable website and wireframe designs
Cost: ₳ 27,000
Delivery: Month 1 - Apr 2024
2/4
UI designed, partially implemented
Cost: ₳ 25,000
Delivery: Month 2 - May 2024
3/4
Final UI of the website
Cost: ₳ 18,000
Delivery: Month 3 - Jun 2024
4/4
Working website
Cost: ₳ 20,000
Delivery: Month 4 - Jul 2024
NB: Monthly reporting was deprecated from January 2024 and replaced fully by the Milestones Program framework.
Vacuumlabs developers, Vacuumlabs auditors
A community-based bug bounty platform rewarding ADA for identifying smart contract vulnerabilities.
No dependencies.
All the outputs, including the design document and the proofs of concept, will be open-sourced on GitHub under a GPL-3.0 license.
Our solution is a community-driven Bug Bounty platform on the Cardano Blockchain. Recognizing the importance of security in blockchain projects, we aim to create an ecosystem where developers can submit their projects for auditing. Users will be incentivized through ADA rewards to find and report vulnerabilities. In this way we aim to strengthen project security and increase collaboration within the ecosystem.
We intend to engage both experienced auditors and enthusiastic community members, offering a unique blend of expertise and fresh perspectives. By ensuring robust security measures, we contribute significantly to the Cardano ecosystem's overall integrity and reliability. Our solution is unique because it combines community engagement with professional auditing, benefiting developers, auditors, and ultimately, the Cardano network.
The first version of our website will be a PoC and, to fit within the budget, we plan to deliver it without smart contract functionality. In the next phases of the project, we aim to add the smart contract described below.
Smart Contract Functionality:
Our project will significantly enhance the security and reliability of the Cardano ecosystem. By incentivizing bug discovery and reporting, we encourage a proactive approach to identifying vulnerabilities. This not only improves individual projects but also elevates the overall trust in the Cardano network.
We plan to measure impact quantitatively by tracking the number of vulnerabilities reported and resolved, and qualitatively through community feedback. Success will be shared via regular updates and reports, detailing the vulnerabilities found and fixed. This transparency will promote a culture of security and trust, benefiting the entire Cardano community.
This proposal benefits a wide array of groups within the community:
As seasoned developers and auditors of smart contracts on Cardano, we possess extensive experience with audits and design reviews conducted in Plutus, Plutarch, and Aiken languages. We have already identified various vulnerabilities, viewable at https://github.com/vacuumlabs/audits. Additionally, we are launching a series of blogs on common Cardano vulnerabilities, accessible at https://medium.com/@vacuumlabs_auditing.
Drawing from our expertise and experience, we are confident in our ability to create a website that will be well designed for both sides: the projects in need of audit and the community of auditors and security experts.
Conceptualization and Design of the Proof of Concept (PoC) Platform.
Development and Backend Setup for the PoC Platform without Smart Contract Integration.
User Interface Development and Testing.
Launch of the PoC Platform and Initial User Engagement. Video overview of the entire platform.
Collection of Feedback and Preparation for Future Smart Contract Integration.
Project management:
https://www.linkedin.com/in/peterhucik/
Auditing know-how and exploit severity decisions, smart contract design:
https://www.linkedin.com/in/sladecekmichal/
https://www.linkedin.com/in/michal-porubsky/
FE development:
https://www.linkedin.com/in/sebastian-jakabcin-6a28b1220/
BE development:
https://www.linkedin.com/in/igortot/
Development Costs: 45,000 ADA
User Interface Design and Enhanced Testing: 20,000 ADA.
Marketing and Community Engagement: 10,000 ADA.
Project Management and Reporting: 10,000 ADA.
Contingency and Miscellaneous: 5,000 ADA.
Total: 90,000 ADA.
The budget is meticulously crafted to offer maximum value for the Cardano ecosystem. Developer and auditor costs are based on market rates. Investment in community engagement and marketing ensures widespread adoption and contribution. Efficient project management and regular reporting demonstrate our commitment to transparency and accountability. Each ADA spent aims to fortify Cardano's security infrastructure, contributing to the network's long-term sustainability and trustworthiness.
By preventing high-severity bugs and ensuring the reliability of smart contracts, the platform will potentially save significant funds that would otherwise be lost to vulnerabilities and exploits, thereby offering high value for the money invested. This will also indirectly boost user confidence and investment in the Cardano ecosystem.