Launching A Bug Bounty Program To Help Enhance The Security Of 1Hive

Launch A Bug Bounty

This proposal arose as a result of what transpired here

Taking action that will further strengthen security and close loopholes that might be exploited by bad actors:
As a project such as ours continues to succeed and grow, and we start to generate significant wealth, we’ll inevitably start to draw the attention of people both good and bad.
Anyone involved in crypto will agree with me that one of the biggest, if not the biggest, issues bugging the space is security. We all hear stories of security exploits every day. Just one slip-up could mean the death of the project; we will all be left with nothing or worthless tokens, and all our work and efforts would have been for nothing. But more painfully, it will seriously hurt this beautiful and disruptive next-gen economic model which we are building here.

Inasmuch as what happened is nowhere close to that, it begins to raise some questions about how secure 1Hive smart contracts really are and if the common pool can be exploited. This is very important, especially when you consider that all we’ve achieved so far has been strictly on individual and community effort with little to no funding and perhaps little experience too. It is not as if 1Hive raised a substantial sum of money and is backed by powerful institutions that have in their arsenal huge human and capital resources that are deployed to ensure the project gets the best available world-class security available anywhere on the planet.
Not to take anything away from our awesome developers; I’m optimistic they’ll welcome this idea. They got us to where we are today and I don’t care what anyone says, I think they are among the best talents anywhere in the world, and we are lucky they are here. But then one can never be too careful. Also, I can’t find any sort of formal documentation that tells us their experience, specialty or that kind of stuff.
So far everything has been going great and there have been zero major security incidents as far as I can tell. Maybe we’ve not been subjected to any serious major attack because we’ve been kinda under the radar and have only fairly recently just started getting a lil bit of limelight, if I can even call it that. Therefore, I believe we have to tread very cautiously and always watch our backs.

To make sure there aren’t any loopholes bad actors could exploit to inflict damage of any kind, I suggest we launch a bug bounty program and create as much awareness as we can about it. I wanted to suggest an audit but then not only is securing the services of reputable world-class auditors quite expensive, there is also no guarantee that we can’t still be exploited even after they must have completed their job.
I believe a bug bounty will further enhance the security of our Hive.

5 Likes

While I support the idea, I think it’s good to adhere to the proposal format that’s been laid out.

It should pop up automatically when you create a draft in the proposal category.

Thanks. I think I followed the proposal format. This is just a signalling proposal. I wouldn’t mind if you can point me to what I didn’t do right.

1 Like

Oh, my bad bro. I completely forgot about the other type of proposal.

Where can I read about those?

lkgn talked a bit about it here. I’m not sure if that’s exactly what you are looking for but I’m sure it’ll help. https://discord.com/channels/698287700834517064/708186863537618965/768844790040363008

This seems critical to me.

The problem with someone finding a bug and demanding their own amount of money is that they can demand anything and claim it as good faith. It’s akin to blackmail.

Just another thing to add, should we consider a security/bugs swarm?

I don’t think that’s how it’ll work; anyone cannot just quote whatever they like as reward. If the proposal passes we can open a poll and the community can decide on a fixed standard reward. Types of bug can be classified, e.g. critical, mild, etc., with different rewards for each. Developers can be assigned the role of classifying under which class any bug discovered falls so that the appropriate reward can be paid.

I don’t think a security/bug swarm is necessary.

I meant how it played out with the other situation you referenced. Having a bug bounty in place should help to resolve that.

Discussion has commenced on kicking off a bounty program here: 1Hive Contract Bug Bounty Program. I think we should go there and lend our voices. @Blackbus I didn’t fully understand what you mean by creating a swarm at first, but later on while typing my response to that post I thought it would actually be better to create a swarm dedicated to this made up of developers seeds and community members.

I am now going to withdraw the proposal since it has gotten the support it needs and it looks like we might be launching a bug bounty soon.

1 Like