There is no central place a Cardano project can post for community help. This site is a gateway to solving project needs with the rest of the community, ultimately resulting in higher quality dApps.
A website will be created to allow anyone with a Cardano wallet to create, interact with, and claim a bounty. Bounties can range from coding help to reporting security vulnerabilities in a project.
This is the total amount allocated to ADA Bug Bounty Website
With over a thousand projects currently in the Cardano ecosystem and many more in the works, there will be no shortage of users. The Cardano Foundation recognized the power of this model in August 2021 by teaming with HackerOne to provide bounties for security vulnerabilities within the Cardano codebase.
Extending this capability to all Cardano projects through a simple to use website just makes sense.
The website will allow a user to connect their Cardano wallet to the site. Without a wallet connection, the site will be read only. Once a wallet is connected, it will act as the user’s login/identity and the site will no longer be read only. The user will have the option to attach an alias, small avatar, an email, and a website URL to their wallet. If they add this additional data, then they will be required to sign arbitrary data with their wallet before they can log into the site. The resulting signature will then be verified to confirm or deny the user’s login.
Bounty Submission and Storage
A simple form will be available for a bounty creator to fill out. The metadata required for the bounty will include: who created it (project name or person’s alias/name), a bounty category, a problem statement, the reward amount in ADA/native token, the success criteria, how to claim the bounty, optional tags, an optional website URL, and an optional time frame for completion (up to 1 year).
There will be error checking on the submission to include that the required fields are filled out along with some specific validity checking per field. After filling out the form, the creator will be able to review their bounty before a final submission. The final submission will generate a transaction to store the metadata on the Cardano blockchain. There will be a small service fee (<= 3 ADA) collected with it along with the Cardano network fee. The submission data will also be parsed and stored in an ElasticSearch repo. This ElasticSearch repo will allow the bounties to be fully searchable via free text search, token type and amount, creator, and tags.
Creators will be able to view all of their bounties in their dashboard view.
A bounty hunter will be able to use search and listing capabilities to find bounties that they are interested in. A comment thread will be available for each bounty for additional comments and questions. Once a hunter finds a bounty they are interested in, they can bookmark it for easy retrieval on subsequent site visits. These bookmarked bounties will be viewable on their dashboard.
It’ll be up to the bounty hunter to contact the creator and present the evidence required for collecting the bounty as directed by the creator.
Claiming a Bounty
The success criteria given by the creator will be the final marker as to whether a solution should receive the bounty or not. A bounty hunter will be required to follow the creator’s instructions for claiming the bounty. The creator will need to review the submission against the success criteria and determine if the criteria is met.
Bounty Closing and Expiration
A bounty can be closed by the creator at any time regardless of its status. Closure by the creator will be recorded on the blockchain via a transaction and also recorded in the ElasticSearch repo.
The creator must add the transaction ID for the bounty reward as part of closing the bounty if they want it to be marked as successful. The transfer amount from the bounty transaction will be verified and checked against the bounty reward. If the transfer amount meets and/or exceeds the declared bounty reward, the system will mark the bounty as successfully resolved. If the reward is lower than the declared bounty reward, then the system will mark the bounty as being partially successful. If the bounty is closed without a resolution, the system will mark it as unsettled.
A bounty will be marked expired if the creator creates an end date for the bounty and the bounty is not yet closed by the creator. In this case, only the ElasticSearch repo will be updated to indicate that the bounty is expired. It will still be up to the creator to create a transaction to close a bounty.
For a bounty with no end date, if no comments or changes have been recorded for a 6 month period, the bounty status will be recorded as stale. It will be up to the creator to change the status of the bounty back to active. This will prevent clogging the system up with orphaned bounties.
Multiple metrics for creators and hunters will be collected to help provide assurances for the community and accountability for creators and hunters. These metrics can be nuanced, so it will be up to each user as to whether or not they want to work with another user based on these metrics.
This is the initial list of metrics that will be available.
There will be milestones for successful bounties for both creators and hunters. As they cross the threshold for these milestones, they will be given the option to mint an NFT with their status for a service fee (<= 5 ADA) plus the Cardano network fees. For the purpose of this proposal and the initial project capabilities, these NFTs will have no intrinsic value other than as a symbol of the holder’s status on the site.
Cardano metadata and wallets will be the backbone for the project. The website will be an Angular project. The Cardano metadata for a bounty will be stored on the Cardano blockchain to provide immutability. In addition to that, it will be parsed and stored in ElasticSearch. Bounty comments and system metadata will be stored in ElasticSearch.
Parsing and storing this data in ElasticSearch will allow for a number of capabilities to the site:
List of technologies and libraries to be used for implementing the website:
A small service fee (<= 3 ADA) will be applied to every proposed bounty. This fee will be in addition to the Cardano network fee for submitting the transaction. There will be no fees associated with commenting on a bounty. There will be no service fees associated with closing a bounty but there will be a Cardano network fee.
In the future, holding certain NFTs, delegating to specific pools, and/or holding a particular native token could be used as a way to waive or lower the service fee.
This project addresses all three success categories listed in "F9: Dapps, Products & Integrations".
Increasing the number of dapps and products available for the community to use that help to enrich the ecosystem with new use cases.
This project will combine leading Web2 solutions with Cardano Web3 libraries. The world is full of amazing developers who have limited to zero Web3 experience. This project will show that moving into the Web3 space is easier than it’s ever been.
The site itself will be a tremendous resource for those new to Cardano development and current developers.
Increase the number of integrations that bring existing solutions together for a more seamless and connected experience between different products.
Projects will list their bounties on a public website. Any Cardano project or developer can search these bounties and if their product or skills fits the bounty, then symmetry could be found. Finding symmetry with other projects can bring massive value to both parties. This ultimately will bring more capable and mature APIs and products to the Cardano ecosystem.
Increased quality of existing products & integrations through suggested improvements that is supported by customer feedback or increased usage by the community.
The bounty rewards will incentivise the community to get involved in the development of the Cardano ecosystem. Bounties are typically awarded to someone who finds security and/or critical bugs within existing or developed software. Bounties can also be awarded for helping the creator through a coding problem. In both cases, the security and quality of the product can be increased through this community collaboration.
The traditional technologies being used have been around for a long time. They have been vetted through many years of usage and development. They are extremely low risk.
The Cardano wallet and browser libraries are fairly new, but have been being used for a number of projects already. There are some risks that the wallet API and/or capabilities change, which would then require changes to the site. The wallets and browser libraries that are implemented will be followed to track any potential breaking changes. Updates to the system will be made to mitigate those changes.
Overall, the project’s main risk is the funds required for setting up and hosting the website and services. Having this project funded through Catalyst would mitigate this risk.
There are multiple milestones for the development and delivery timeline. The capabilities listed for each milestone are high level in some cases. Further breakdown would be addressed during issue creation in the GitHub repository. The time listed per milestone is in calendar time and not total development hours.
After Milestone 5, the initial capabilities stated in this proposal will be completed. Any development after that time will be considered maintenance and enhancements. Costs associated with this development will be covered by this proposal for the remainder of the first year. After the first year, service fees will be used to cover further development activities.
Milestone 1 (4 months)
Milestone 2 (1 month)
Milestone 3 (1 month)
Milestone 4 (1 month)
Milestone 5 (1 month)
Maintenance mode (4 months)
Total Development Time: 8 months
Total Maintenance Time: 4 months
Total Time: 1 year
Senior Full Stack Developer (pre-tax): $48,600
This line item pays for 540 hours of a Senior Full Stack Software Developer’s time at a rate of $90/hour. 480 hours are dedicated through Milestone 5. 60 hours are dedicated to maintenance after Milestone 5 is completed.
Responsibilities for this role include (but are not limited to):
Service Hosting and Infrastructure for 1 Year: $5000
Steve Fisher has been in the software field for over 23 years now. In addition to developing and fielding full stack solutions, he’s led teams though multiple system, preliminary, and critical design reviews. He has been involved in customer training for the products and services he has delivered and he’s used that time to push added value back into those projects.
He created a small LLC named Swift Crypto LLC ( https://www.swiftcryptollc.com )to mine Ethereum in 2021. Looking to the future, he became a Cardano enthusiast and single stake pool operator for ADA for Warriors https://4wardpool.swiftcryptollc.com. He is a core member of the FreeLoaderz Cardano group as well as a member of the Cardano SPA and xSPO alliances.
With FreeLoaderz, he is the lead web developer for SmartClaimz. The testnet version can be found here: https://rwd.freeloaderz.io and the repo for the front end can be found on FreeLoaderz’ Github here: https://github.com/FreeLoaderz/rwd-frontend
Additional information can be found on Steve’s LinkedIn page:
The FreeLoaderz team will be one of the early users of the bounty site. Their testing and feedback during the testnet phase will be used to tweak usability issues and find any critical issues with the system.
Further funding for this effort will not be requested. This is a self-contained proposal to create, deploy, and give some maintenance runway to this bounty website. The funding requested in this proposal will cover the cost of site hosting and developer maintenance for the first year. If the community embraces this Bounty project, the site revenue should continue to cover the costs beyond that time frame.
The Github repo will contain a list of tasks/issues that need to be completed. These tasks are tied to project milestones. Each milestone has an end date. Progress will be measured by completing these tasks for the current milestone before the milestone end date.
There a number of metrics that will define success:
This is a new proposal.
Steve Fisher has an Information Systems Master’s degree from George Mason and 23+ years of experience in Software/Systems Engineering. He is a core member of FreeLoaderz and he runs the ADA for Warriors pool (Cardano SPA and xSPO). He is the lead web developer for SmartClaimz.