Looking to donate to projects in Gitcoin Grants Beta Round? Support here.
Gitcoin Virtual Hackathon

GoodDollar Basic Income Protocol Bug Bounty

Sep 14, 2020 - Dec 31, 2020

This hackathon event had ended at Dec. 31, 2020, 11:59 p.m., please check the ongoing hackathons.

GoodDollar Basic Income Protocol Bug Bounty

$10,000 in prizes available!

GoodDollar has recently launched its basic income protocol. This bug bounty challenge serves to stress-test the GoodDollar smart contracts. Successful submissions are at the discretion of the GoodDollar CTO, and will require evidence and documentation of any hack. You can learn more from the full description and documentation here.

Follow GoodDollar on Twitter and Facebook

Join the GoodDollar Telegram group

GoodDollar GitBook

GoodDollar GitHub


GoodDollar is a people-powered framework to generate, finance, and distribute global basic income via the GoodDollar token (“G$ coin”). Its goal is to provide a baseline standard of living and reduce wealth inequality through the creation of a universal basic income (UBI).

GoodDollar - gooddollar.org

White Paper - https://whitepaper.gooddollar.org/

LitePaper - https://litepaper.gooddollar.org/


The Gooddollar Bug Bounty is limited to vulnerabilities affecting the gooddollar smart contracts:

DAO Contracts

Staking model contracts


The severity of bugs will be assessed under the CVSS Risk Rating.

Critical (9.0–10.0): Up to $10,000

High (7.0–8.9): Up to $5,400

Medium (4.0–6.9): Up to $2,800

Low (0.1–3.9): Up to $1,000

Disclosure Requirements

Any vulnerability or bug discovered must be reported only to the following email: Hadar@gooddollar.org

The bug must not be disclosed publicly or to any other person, entity or email address other than Hadar@gooddollar.org

Please include as much detail about the vulnerability as possible including:

  • Conditions on which reproducing the bug is contingent.
  • Steps needed to reproduce the bug or, preferably, a proof of concept.
  • Implications of the vulnerability being abused.
  • Any bug reporter who reports a previously unreported bug that results in a change to the code or a configuration change and who keeps the vulnerability confidential until it has been resolved by our engineers will be recognized publicly for their contribution, if agreed.


To be eligible for a reward in the Gooddollar Bounty, you must:

  • Discover a previously unreported, non-public vulnerability that would result in a loss of or a lock of any token on Gooddollar (but not on any third party platform interacting with Gooddollar) and that is within the Scope mentioned above.
  • Provide sufficient information to enable our engineers to reproduce and fix the vulnerability.
  • Make a good faith effort to avoid privacy violations, destruction of data, interruption or degradation of Gooddollar.
  • Not submit a vulnerability caused by an underlying issue that is the same as an issue on which a reward has been paid under the bounty program.

Other Terms

All reward decisions, including eligibility for and amounts of the rewards and the manner in which such rewards will be paid, are made at our sole discretion.

Staking Model Contracts Docs

bounty explorer
Check out the Prizes

Visit the Prize Explorer to check out the prizes posted by our hackathon sponsors. Click each prize to show important details, including the submission requirements, submission deadline, etc.

express interest
Join the Hackathons Chat Workspace

Chat with other hackers, ask sponsors and the Gitcoin team questions, find or create a team, and communicate real-time. Click here to join the party!

bounty explorer
Start Work via Gitcoin

When your team is formed please have one of your teammates navigate to each prize page you plan to compete for and click the “Start Work” button.

express interest

Build your cool ideas and make your vision come true with your team!

bounty explorer
Submit Work via Gitcoin

When your project is completed, submit your work by clicking the “Submit Work” button on the prize page/