GoodDollar Basic Income Protocol Bug Bounty

$10,000 in prizes available!

GoodDollar has recently launched its basic income protocol. This bug bounty challenge serves to stress-test the GoodDollar smart contracts. Successful submissions are at the discretion of the GoodDollar CTO, and will require evidence and documentation of any hack. You can learn more from the full description and documentation here.

Follow GoodDollar on Twitter and Facebook

Join the GoodDollar Telegram group

GoodDollar GitBook

GoodDollar GitHub

Information

GoodDollar is a people-powered framework to generate, finance, and distribute global basic income via the GoodDollar token (“G$ coin”). Its goal is to provide a baseline standard of living and reduce wealth inequality through the creation of a universal basic income (UBI).

GoodDollar - gooddollar.org

White Paper - https://whitepaper.gooddollar.org/

LitePaper - https://litepaper.gooddollar.org/

Scope

The Gooddollar Bug Bounty is limited to vulnerabilities affecting the gooddollar smart contracts:

DAO Contracts

Staking model contracts

Awards

The severity of bugs will be assessed under the CVSS Risk Rating.

Critical (9.0–10.0): Up to $10,000

High (7.0–8.9): Up to $5,400

Medium (4.0–6.9): Up to $2,800

Low (0.1–3.9): Up to $1,000

Disclosure Requirements

Any vulnerability or bug discovered must be reported only to the following email: Hadar@gooddollar.org

The bug must not be disclosed publicly or to any other person, entity or email address other than Hadar@gooddollar.org

Please include as much detail about the vulnerability as possible including:

• Conditions on which reproducing the bug is contingent.
• Steps needed to reproduce the bug or, preferably, a proof of concept.
• Implications of the vulnerability being abused.
• Any bug reporter who reports a previously unreported bug that results in a change to the code or a configuration change and who keeps the vulnerability confidential until it has been resolved by our engineers will be recognized publicly for their contribution, if agreed.

Eligibility

To be eligible for a reward in the Gooddollar Bounty, you must:

• Discover a previously unreported, non-public vulnerability that would result in a loss of or a lock of any token on Gooddollar (but not on any third party platform interacting with Gooddollar) and that is within the Scope mentioned above.
• Provide sufficient information to enable our engineers to reproduce and fix the vulnerability.
• Make a good faith effort to avoid privacy violations, destruction of data, interruption or degradation of Gooddollar.
• Not submit a vulnerability caused by an underlying issue that is the same as an issue on which a reward has been paid under the bounty program.

Other Terms

All reward decisions, including eligibility for and amounts of the rewards and the manner in which such rewards will be paid, are made at our sole discretion.

Staking Model Contracts Docs

• Smart contracts
• Architecture & Value Flow
• Core Contracts & API