Grey hat tokens to reward vulnerability disclosure

Maybe, but certainly needs more thought.

Surely once the hacker showed they had access to those tokens it would cause a lot of tokens on that protocol to behave erratically, causing "harm".
I'd certainly expect it to.

What reward can we offer?
I don't think there's much pie left to be divvied up, is there?

I imagine that after launch we could create a white-hacker bug-bounty fund, so a payment would be negotiated out of that.

I would expect that white-hat people would talk quietly with devs and not publicly release the info.

If I were using a protocol and knew such tokens existed on it, I'd expect I'd likely have some alerts set up in case any of them moved.
I'd expect that same behavior from many using that protocol with wealth at risk.

As I said, needs more thought.

Yeah but that’s easy … the devs would have keys for those pots and they just move them in and out of unlisted pots so that it couldn’t be determined if it was the devs or white hats.

The real issue here is whether it’s acceptable to have a system where the only way to allow for white hats is for them to commit a crime.

If we agree that such a world stinks, then finding ways to make it legal for them to test the system and get rewarded seems a no-brainer to me … but maybe I’m missing something.

In that setup, imo, you're just adding issues, as it becomes harder to know for sure exactly what was compromised and by whom.
I'd think you'd want keys destroyed and coins sat on a publicly announced address.

If I’m adding issues, then clarify what all of those issues are.

This is meant as a system for white hats to find bugs … so if a white hat fails to explain a successful hack to devs, they get nothing. Meanwhile devs can still see in the pots, so if dummy tokens disappear for random reasons it’s also a clue to devs that there is a problem.

No issues here as far as I can see. If I’m wrong let me know what I’m missing.

I did.

You're allowing potentially multiple ppl to access the keys, on potentially multiple machines.
Surely I don't need to point out how this increases the attack surface.

Surely I don’t need to point out that it’s meant to be attacked and that the devs have no reason to manipulate this and there are no negative effects even if they did … unless you want to elaborate more.

You didn’t … you pointed out ONE issue, which is clearly not an issue, but labeled it as having issues plural.

edit2: I misspoke earlier which may be adding to the confusion –

The pots would be public - as I had clarified earlier - but:

So the point here was to deal with @bones' concern that visibly moving tokens would trigger a worry that hackers had figured out how to steal tokens.


  • pots are visible
  • devs have keys
  • devs automate random moving of tokens between visible pots and secret pots and knowledge that devs do so is public

… therefore no reason to suspect anything (by the general public) that a successful hack has occurred.

It seems to me, I'll admit possibly wrongly, that you don't want to debate at all but push your opinion, so I'll leave you to it.

Indeed you do not!
It seems you didn't grasp my point.

Wow! … I was thinking the exact same of you. You are negative in your responses and it feels like there’s another agenda under the surface (I hope not).

Then please do explain it in more detail if I missed something. I’m not your enemy - the problem as described in my first post is the enemy - I’m just looking for solutions - surely that’s what we should all be concerned with.

Dude, I'm tired, trying to unwind at the end of the week, I'll try and DM over the weekend.

