Please login or register.

Create bounty for disproving ringCT, finding bugs, etc in Mo[...]

Based off of this post:

I thought it's a good point. I know we have the Monero research lab/team doing work in improving the code base for Monero, but what if we raise some money for other people to look at the code for bugs that could be fixed so the code will continue to work on getting even better than it is now?

We could possibly through in a little stash and hold funding here and if someone, somewhere finds something, they can report to the research team and if they see that it's a legitimate finding, they can release the xmr to them.

What do you guys think?

Replies: 3
xmr_eric posted 7 years ago Replies: 1 | Weight: 0 | Link [ - ]

I tried asking people about this on Reddit and got a somewhat critical response, but I think it's a great idea. I would donate BTC or XMR to help make this happen. We need vulnerability testing. Surely they already exist. The first implementation is never perfect.

There should be a qualification for the bounty. IE: something MoneroMooo or another mainstream dev designates critical and worthy of the money.

Reply to: xmr_eric
floam412 posted 7 years ago Replies: 1 | Weight: 0 | Link [ - ]

Yeah, it gets kind of tough when trying to figure out 1) What qualifies as a "worthy bug", and 2) Who or whom should decide if it's "worthy" of the bounty.

Maybe if the community can decide to raise a bounty for a certain type of bug(s), rather than just a bug in the broad scope of "monero's code base", then that will raise the threshold of what counts and not cause a lot of unnecessary argument between devs and bounty hunters.

Reply to: floam412 xmr_eric
xmr_eric posted 7 years ago Weight: 0 | Link [ - ]

This really doesn't have to be too difficult. Put 1000 XMR aside for anybody that can break Monero's cryptography. Has to be validated by Shen. Or 1000 XMR for anybody that can expose a network-breaking bug. Has to be validated by Moneromooo. Surely those two individuals have put so much time into this coin that they would be interested to hear from anybody who claims they've figured out a major exploit.

If they're worried about getting 100s of spam emails a day claiming the bounty, perhaps set up a middleman to delete all the crap emails and only forward on those that seem to hold promise.

Others have said, with some validity, that a real profit incentivized hacker wouldn't care about a 1000 XMR bounty, but would simply short XMR and then run the exploit. But I think the bounty would encourage those who are part of the community, yet possess some hacking skills, to put their talents to good use, and thus help the community while still getting "paid" for their time.