Surely once the hacker showed they had access to those tokens it would cause a lot of tokens on that protocol to behave erratically, causing "harm".
I'd certainly expect it to.
What reward can we offer?
I don't think there's much pie left to be divvied up, is there?
If I were using a protocol and knew such tokens existed on it, I'd expect I'd likely have some alerts set up in case any of them moved.
I'd expect that same behavior from many using that protocol with wealth at risk.
yeah but that’s easy … the devs would have keys for those pots and they just move them in and out of unlisted pots so that it couldn’t be determined if it was the devs or white hats.
the real issue here is whether it’s acceptable to have a system where the only way to allow for white hats is for them to commit a crime.
If we agree that such a world stinks, then finding ways to make it legal for them to test the system and get rewarded seems a no-brainer to me … but maybe I’m missing something.
In that setup, imo, you're just adding issues, as it becomes harder to know for sure exactly what was compromised and by whom.
I'd think you'd want keys destroyed and coins sat on a publicly announced address.
If I’m adding issues, then clarify what all of those issues are.
This is meant as a system for white hats to find bugs … so if a white hat fails to explain a successful hack to devs, they get nothing. Meanwhile devs can still see in the pots, so if dummy tokens disappear for random reasons it’s also a clue to devs that there is a problem.
No issues here as far as I can see. If I’m wrong let me know what I’m missing.
You're allowing potentially multiple ppl to access the keys, on potentially multiple machines.
Surely I don't need to point out how this increases the attack surface.
Surely I don’t need to point out that it’s meant to be attacked and that the devs have no reason to manipulate this and there are no negative effects even if they did … unless you want to elaborate more.
You didn’t … you pointed out ONE issue, which is clearly not an issue, but labeled it as having issues plural.
edit: could one of the mods move this to a new thread maybe: “White-Hat, Dummy token discussion”
cheers
edit2: I misspoke earlier which may be adding to the confusion –
The pots would be public - as I had clarified earlier - but:
So the point here was to deal with @bones' concern that visibly moving tokens would trigger a worry that hackers had figured out how to steal tokens.
So:
pots are visible
devs have keys
devs automate random moving of tokens between visible pots and secret pots and knowledge that devs do so is public
… therefore no reason to suspect anything (by the general public) that a successful hack has occurred.
wow! … I was thinking the exact same of you. You are negative in your responses and it feels like there’s another agenda under the surface (I hope not).
Then please do explain it in more detail if I missed something. I’m not your enemy - the problem as described in my first post is the enemy - I’m just looking for solutions - surely that’s what we should all be concerned with.