PROPOSAL 6: Bug Bounty

The HOPR Association takes the security of its protocol and smart contracts extremely seriously. We’ve commissioned numerous audits, always with extremely positive results. (Our latest audit from Chain Security will be published very soon.) But there’s no such thing as too much testing, especially when your protocol is designed to protect millions of dollars of assets.

This proposal would fund a bug bounty on immunefi or similar platform, which would be used to stress test our smart contracts, particularly the payment channel contract. In the event that the bounties are unclaimed, the HOPR tokens (minus platform service fee) would be returned to the control of the DAO.

21 Likes

fewer bugs, a more stable and secure network. we want our funds and investments to be protected and the network to work smoothly. this is a very good offer. it is necessary to support him.

1 Like

While I like it (and have expressed that :slight_smile:), I would strongly suggest these lean a lot towards using DAI and other tokens. Until use cases for hopr are developed and widely advertised, I think hopr given as bug bounty will likely be sold right away. I would not say the same about, e.g. giving hopr as incentive for winners in competitions and grants around developing use cases for hopr. Those would think twice before selling it (of course anyone may sell at the end). Even in these cases, I would support using other tokens such as DAI along with the hopr.

2 Likes

Very necessary initiative. Whether the use of other sites bug bounty, such as: Hackerone and Bugcrowd?

I think HOPR is already hyper focussed on this as a company for obvious reasons and dont think we need much more in this area. It doesnt ‘reach’ many people or get them involved in the project, so I would use the resources in other areas.

1 Like

I like this suggestion the most, because in the crypto market, technical failures are inevitable, we should fix and limit them from the beginning so that the protocol is safe and secure, rewarding those who can find the protocol error and fix it

What would be the anticipated chronology of events then?
… → last testnet → bug bounty → mainnet network launch accompanied by media coverage etc (worked already splendidly around the token sale) → hackathon(s) → … ?
In any case, 100% necessary!

I don’t think it’s necessary. It’s been done before. Anyone who finds a bug can always contact the team. The team will not leave it unanswered anyway. I think there is no need to create a bug bounty and allocate a separate budget for it.

You are aware of the fact that development and thus the onboarding of new features is never stalled?

Yes I know. I just don’t think it’s necessary to spend Hopr on this right now. I think we should focus on attracting new investors.

Most important thing will be to attract USERS!