Introducing GoodDollar’s Basic Income Protocol Bug Bounty
GoodDollar is live and over 20,000 users have created wallets from every corner of the globe. Are you interested to learn how we plan to use smart contracts to pay for global basic income? Come learn about GoodDollar and hack our system … A week into the launch of GoodDollar’s basic income protocol, and over 20,000 wallets have been created from more than 100 countries across the globe. Users (who GoodDollar refers to as “Claimers”) are registering from all around the world – from Australia,…
GoodDollar is live and over 20,000 users have created wallets from every corner of the globe. Are you interested to learn how we plan to use smart contracts to pay for global basic income? Come learn about GoodDollar and hack our system …
A week into the launch of GoodDollar’s basic income protocol, and over 20,000 wallets have been created from more than 100 countries across the globe. Users (who GoodDollar refers to as “Claimers”) are registering from all around the world – from Australia, Albania, Argentina, and Austria, and over 100 countries starting with other letters in between. While it has been thrilling for the team to see the excitement many people have for the project, now is the time to stress test our contracts and the GoodDollar money flow.
We need your help! This blog post will hopefully explain a bit more about our GoodDollar system architecture, the smart contract value flow, and how you can participate and submit for the GoodDollar bug bounty. So let’s get into it:
GoodDollar Bug Bounty Overview
GoodDollar has recently launched its basic income protocol (you can learn more via our White Paperand Lite Paper published here). GoodDollar is a people-powered framework to generate, finance, and distribute global basic income via the GoodDollar token (“G$ coin”). Its goal is to provide a baseline standard of living and reduce wealth inequality through the creation of a universal basic income (UBI).
This bug bounty challenge serves to stress-test the GoodDollar smart contracts. Successful submissions are at the discretion of the GoodDollar CTO, and will require evidence and documentation of any hack
Scope
The Gooddollar Bug Bounty is limited to vulnerabilities affecting the gooddollar smart contracts: DAO Contracts Staking model contracts
Awards
The severity of bugs will be assessed under the CVSS Risk Rating.
Critical (9.0–10.0): Up to $10,000 High (7.0–8.9): Up to $5,400 Medium (4.0–6.9): Up to $2,800 Low (0.1–3.9): Up to $1,000
Disclosure Requirements
Any vulnerability or bug discovered must be reported only to the following email: Hadar@gooddollar.org
The bug must not be disclosed publicly or to any other person, entity or email address other than Hadar@gooddollar.org
Please include as much detail about the vulnerability as possible including:
- Conditions on which reproducing the bug is contingent.
- Steps needed to reproduce the bug or, preferably, a proof of concept.
- Implications of the vulnerability being abused.
- Any bug reporter who reports a previously unreported bug that results in a change to the code or a configuration change and who keeps the vulnerability confidential until it has been resolved by our engineers will be recognized publicly for their contribution, if agreed.
Eligibility
To be eligible for a reward in the GoodDollar Bounty, you must:
- Discover a previously unreported, non-public vulnerability that would result in a loss of or a lock of any token on GoodDollar (but not on any third party platform interacting with GoodDollar) and that is within the Scope mentioned above.
- Provide sufficient information to enable our engineers to reproduce and fix the vulnerability.
- Make a good faith effort to avoid privacy violations, destruction of data, interruption or degradation of GoodDollar.
- Not submit a vulnerability caused by an underlying issue that is the same as an issue on which a reward has been paid under the bounty program.
Other Terms
All reward decisions, including eligibility for and amounts of the rewards and the manner in which such rewards will be paid, are made at our sole discretion.
Follow The Money … Flow – Understanding GoodDollar
GoodDollar wraps around yield-generating decentralized finance protocols. Those funds are used to mint a reserve-backed crypto-asset (G$), which is used for yield-payouts to Supporters who staked capital, and distributed daily as basic income to users. Consider GoodDollar’s money flow graphic, highlighting the nine key stages, from Supporters’ staking to Claimers receiving daily basic income.
For those who are interested to understand in even more detail, the GoodDollar White Paper explains all the key monetary policy and monetary tools. The below notes, on our smart contract architecture, should assist, too.
Smart Contract Architecture
- Supporter “stakes” cryptoasset to GoodStaking contract
- Currently only accepting stakes in DAI
- GoodStaking deposits crypto-asset to a permissionless protocol
- Currently integrated only with Compound
- Permissionless protocol issues a “staking token”: cDAI
- GoodStaking issues a non-transferable record to the Supporter’s wallet
- Supporter can withdraw “stake” at any time
- GoodDAO contract sends a daily request to GoodStaking to collect earned interest
- GoodStaking sends interest to GoodReserve
- GoodDAO triggers the GoodReserve to mint G$ and sends newly minted G$ to the GoodDAO. G$ minted are used for interest yield-payouts (currently inactive) and a pool of daily basic income
- Interest payouts are sent back to GoodStaking (currently inactive)
- GoodDAO sends G$ for pool of daily basic income to the UBI Scheme Smart Contract, via the Fuse bridge
- G$ in the UBI Scheme Smart Contract is divided between all “active” users/Claimers
- Each Claimer has a 24-hour window to log-in and claim their share of the daily basic income pool
GoodDollar’s Core Smart Contracts And API
The GoodDollar Protocol is deployed on both the Ethereum mainnet and on the Fuse sidechain. Contracts like the GoodReserve are only on mainnet, and other contracts like the UBIScheme are only on the Fuse sidechain. Certain contracts, such as the DAO and G$ Token contracts, are deployed on both networks.
Here are all of the smart contract functions and source code / addresses listed in one convenient place, just for you.
| Contract | Mainnet | Fuse | Source code |
| GoodDollar ERC20 | 0x67C5870b4A41D4Ebef24d2456547A03F1f3e094B | 0x495d133B938596C9984d462F007B676bDc57eCEC | GoodDollar.sol |
| Identity | 0x76e76e10Ac308A1D54a00f9df27EdCE4801F288b | 0xFa8d865A962ca8456dF331D78806152d3aC5B84F | Identity.sol |
| GoodStaking | 0xEa12bB3917cf6aE2FDE97cE4756177703426d41F | SimpleDAIStaking.sol | |
| GoodReserve | 0x5C16960F2Eeba27b7de4F1F6e84E616C1977e070 | GoodReserveCDai.sol | |
| GoodFundManager | 0xbDFD60f3aE73329D33ebe17d78383DEfd72643Ad | GoodFundManager.sol | |
| GoodMarketMaker | 0xEDbE438Cd865992fDB72dd252E6055A71b02BE72 | GoodMarketMaker.sol | |
| ContributionCalculation | 0x8eEC64bb6807c0178f96277cCE6a334B4e565E5C | ContributionCalculation.sol | |
| UBIScheme | 0xAACbaaB8571cbECEB46ba85B5981efDB8928545e | UBIScheme.sol | |
| FirstClaimPool | 0x18BcdF79A724648bF34eb06701be81bD072A2384 | FirstClaimPool.sol | |
| AdminWallet | 0x9F75dAcB77419b87f568d417eBc84346e134144E | AdminWallet.sol | |
| OneTimePayments | 0xd9Aa86e0Ddb932bD78ab8c71C1B98F83cF610Bd4 | OneTimePayments.sol |
Resources
Other Ways To Get Involved
- Sign up to begin to claim G$
- Follow GoodDollar on Twitter and Facebook
- Join our Telegram group
- Sign up to receive the weekly GoodNews on basic income and open finance
Again, only bug bounty submissions that are sent to Hadar@gooddollar.org will be accepted!