Bible Pay


  • Rob Andrews
  • Administrator

Bug Bounty Program
« on: May 11, 2019, 03:33:34 pm »
If anyone finds a critical security bug in BiblePay, please start by announcing it here.

We will work with you and reward up to 2 million BBP for the bug, depending on its systemic nature.


Current Bug Bounties:

Bug Reward Type 1:
Capability to solve a proof-of-bible-hash in a GPU or ASIC:
The white-hat-hacker will need to prove to us that it is not only possible to hash a block in a GPU (or ASIC device), but that the blockhash solution obtained is also hashed in a more efficient manner than on the PC.  An example would be to prove that a certain GPU and program (created by the hacker) will solve a POBH block in 1 second while the same standard-PC would take much longer to solve (i.e. 30 seconds for example).  (Or a similar high-efficiency scenario resulting in at least a 200% gain so as to ensure the gain is a real gain by BiblePay devs).

NOTE - You must be able to prove this attack will work against production in a reproducible way.
An example that will not be sufficient:  Creating a test environment where your GPU program can solve a theoretical bible-hash in test only.  The reason this case is not really an exploit is our POBH algo also passes in certain live network values - into the hash function in real time, such as the 'allowable maximum nonce'.  Meaning that in a test environment you are cheating if you don't take live production data into account.

An example that is valid:  A C program written by the hacker taking into account live production data and solving a POBH block in a reproducible manner that provides a financial edge to the hacker.

REWARD:  2 MILLION BBP - paid by Rob Andrews founder - Rob will only attempt to recoup the loss with a proposal after the hacker is paid and Rob will take on the risk


Bug Reward Type 2:

Capability to prove that a BiblePay GSC smart contract can leak rewards to a hacker that were not earned by the hacker through GSC projects (or, any reproducible security exploit resulting in Leaked BiblePay coins to the hacker that the hacker did not earn):

This type of bug rewards a white-hat-hacker for finding an attack vector into one of our GSC (generic smart contracts), one of our Projects (such as POG or healing) and finding a way to pull coins out of BiblePay that the hacker really did not earn. 

An example of this would be trying to create or falsify a smart contract, and "slide it by" the sanctuaries to approve it.  Or finding any way to pull coins out of an existing project that were not earned by the user.  All smart contract rewards require coin*age from UTXOs, so it is our belief it is impossible to pull money out of one of our daily contracts that is not earned.

Please post a question if you are unsure if your hacking effort will result in payment.

REWARD: 2 MILLION BBP - Paid by Rob Andrews Founder - Rob will attempt to recoup the loss only after the hacker is paid and Rob takes on the risk


Bug Reward Type 3:

Notify us of any security bug that is found in our software, such as BEAST, Crime, HTTPS exploits, SSL exploits, ECDSA, BLS, or any upstream bug discovered by Bitcoin/Dash or a community bug.

Reward: 10K+ depending on the nature of bug - at the discretion of the devs.

« Last Edit: June 04, 2019, 01:34:34 pm by Rob Andrews »

  • togoshigekata
  • Sr. Member

Re: Bug Bounty Program
« Reply #1 on: November 01, 2019, 12:30:55 pm »
Should we try to list these on any bug bounty websites?


Pricing-wise, it looks like HackerOne applies a 20% fee on top of the bounty that gets paid out. I couldn't find information on Bugcrowd.

I'll add the bounties to the Reddit sidebar, the ANN and to the website.