Introducing GoodDollar’s Basic Income Protocol Bug Bounty

GoodDollar is live and over 20,000 users have created wallets from every corner of the globe. Are you interested to learn how we plan to use smart contracts to pay for global basic income? Come learn about GoodDollar and hack our system …

A week into the launch of GoodDollar’s basic income protocol, over 20,000 wallets have been created from more than 100 countries across the globe. Users (whom GoodDollar refers to as “Claimers”) are registering from all around the world – from Australia, Albania, Argentina, and Austria, and over 100 countries starting with other letters in between. While it has been thrilling for the team to see the excitement many people have for the project, now is the time to stress test our contracts and the GoodDollar money flow.

We need your help! This blog post will hopefully explain a bit more about our GoodDollar system architecture, the smart contract value flow, and how you can participate and submit for the GoodDollar bug bounty. So let’s get into it:

GoodDollar Bug Bounty Overview 

GoodDollar has recently launched its basic income protocol (you can learn more via our White Paper and Lite Paper published here). GoodDollar is a people-powered framework to generate, finance, and distribute global basic income via the GoodDollar token (“G$ coin”). Its goal is to provide a baseline standard of living and reduce wealth inequality through the creation of a universal basic income (UBI).

This bug bounty challenge serves to stress-test the GoodDollar smart contracts. Successful submissions are at the discretion of the GoodDollar CTO, and will require evidence and documentation of any hack.

Scope

The GoodDollar Bug Bounty is limited to vulnerabilities affecting the GoodDollar smart contracts:

  • DAO Contracts
  • Staking model contracts

Awards

The severity of bugs will be assessed under the CVSS Risk Rating.

  • Critical (9.0–10.0): Up to $10,000
  • High (7.0–8.9): Up to $5,400
  • Medium (4.0–6.9): Up to $2,800
  • Low (0.1–3.9): Up to $1,000

Disclosure Requirements

Any vulnerability or bug discovered must be reported only to the following email: Hadar@gooddollar.org

The bug must not be disclosed publicly or to any other person, entity or email address other than Hadar@gooddollar.org.

Please include as much detail about the vulnerability as possible including:

  • Conditions on which reproducing the bug is contingent.
  • Steps needed to reproduce the bug or, preferably, a proof of concept.
  • Implications of the vulnerability being abused.
  • Any bug reporter who reports a previously unreported bug that results in a change to the code or a configuration change and who keeps the vulnerability confidential until it has been resolved by our engineers will be recognized publicly for their contribution, if agreed.

Eligibility

To be eligible for a reward in the GoodDollar Bounty, you must:

  • Discover a previously unreported, non-public vulnerability that would result in a loss of or a lock of any token on GoodDollar (but not on any third party platform interacting with GoodDollar) and that is within the Scope mentioned above.
  • Provide sufficient information to enable our engineers to reproduce and fix the vulnerability.
  • Make a good faith effort to avoid privacy violations, destruction of data, interruption or degradation of GoodDollar.
  • Not submit a vulnerability caused by an underlying issue that is the same as an issue on which a reward has been paid under the bounty program.

Other Terms

All reward decisions, including eligibility for and amounts of the rewards and the manner in which such rewards will be paid, are made at our sole discretion.

Follow The Money … Flow – Understanding GoodDollar

GoodDollar wraps around yield-generating decentralized finance protocols. Those funds are used to mint a reserve-backed crypto-asset (G$), which is used for yield-payouts to Supporters who staked capital, and distributed daily as basic income to users. Consider GoodDollar’s money flow graphic, highlighting the nine key stages, from Supporters’ staking to Claimers receiving daily basic income.

[Figure: GoodDollar Money Flow]

For those who are interested to understand in even more detail, the GoodDollar White Paper explains all the key monetary policy and monetary tools. The below notes, on our smart contract architecture, should assist, too.

Smart Contract Architecture

  • Supporter “stakes” crypto-asset to GoodStaking contract
    • Currently only accepting stakes in DAI
  • GoodStaking deposits crypto-asset to a permissionless protocol
    • Currently integrated only with Compound
  • Permissionless protocol issues a “staking token”: cDAI 
  • GoodStaking issues a non-transferable record to the Supporter’s wallet
    • Supporter can withdraw “stake” at any time
  • GoodDAO contract sends a daily request to GoodStaking to collect earned interest
  • GoodStaking sends interest to GoodReserve
  • GoodDAO triggers the GoodReserve to mint G$ and sends newly minted G$ to the GoodDAO. G$ minted are used for interest yield-payouts (currently inactive) and a pool of daily basic income 
    • Interest payouts are sent back to GoodStaking (currently inactive)
  • GoodDAO sends G$ for pool of daily basic income to the UBI Scheme Smart Contract, via the Fuse bridge
  • G$ in the UBI Scheme Smart Contract is divided between all “active” users/Claimers
  • Each Claimer has a 24-hour window to log-in and claim their share of the daily basic income pool
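The flow listed above can be written down as a small ledger model, which makes the accounting properties a tester would check explicit: principal stays withdrawable, only interest reaches the reserve, and each active Claimer can claim once per 24-hour window. This is an added example, not GoodDollar's code; the `FlowModel` class, the fixed mint ratio, the equal split and the carry-over of unclaimed G$ are assumptions made for illustration.

```python
# Added illustration, not GoodDollar code: a toy ledger of the value flow listed above.
# Assumptions: integer units, a fixed G$-per-DAI mint ratio, equal split of the pool,
# and carry-over of unclaimed G$. None of these come from the contracts.
DAY = 24 * 60 * 60  # the claim window, in seconds


class FlowModel:
    def __init__(self, mint_ratio=100):
        self.stakes = {}       # Supporter -> principal recorded by the staking contract
        self.lent = 0          # balance held at the lending protocol (principal + yield)
        self.reserve = 0       # interest forwarded to the reserve
        self.pool = 0          # G$ held by the UBI scheme
        self.share = 0         # per-Claimer amount for the current day
        self.day_start = None
        self.active, self.claimed = set(), set()
        self.mint_ratio = mint_ratio

    def stake(self, who, amount):
        if amount <= 0:
            raise ValueError("stake must be positive")
        self.stakes[who] = self.stakes.get(who, 0) + amount
        self.lent += amount

    def accrue(self, interest):
        self.lent += interest  # stand-in for yield earned at the lending protocol

    def withdraw(self, who):
        amount = self.stakes.pop(who, 0)  # principal only; interest stays in the system
        self.lent -= amount
        return amount

    def collect_and_mint(self, now, active):
        interest = self.lent - sum(self.stakes.values())  # never touches principal
        self.lent -= interest
        self.reserve += interest
        self.pool += interest * self.mint_ratio
        self.active, self.claimed, self.day_start = set(active), set(), now
        self.share = self.pool // len(self.active) if self.active else 0

    def claim(self, who, now):
        in_window = self.day_start is not None and 0 <= now - self.day_start < DAY
        if not in_window or who not in self.active or who in self.claimed:
            return 0
        self.claimed.add(who)
        self.pool -= self.share
        return self.share

    def invariants_hold(self):
        # Principal is always covered, and the pool is never overdrawn.
        return self.lent >= sum(self.stakes.values()) and self.pool >= 0
```
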

GoodDollar’s Core Smart Contracts And API

The GoodDollar Protocol is deployed on both the Ethereum mainnet and on the Fuse sidechain. Contracts like the GoodReserve are only on mainnet, and other contracts like the UBIScheme are only on the Fuse sidechain. Certain contracts, such as the DAO and G$ Token contracts, are deployed on both networks.

Here are all of the smart contract functions and source code / addresses listed in one convenient place, just for you.


| Contract | Mainnet | Fuse | Source code |
|---|---|---|---|
| GoodDollar ERC20 | 0x67C5870b4A41D4Ebef24d2456547A03F1f3e094B | 0x495d133B938596C9984d462F007B676bDc57eCEC | GoodDollar.sol |
| Identity | 0x76e76e10Ac308A1D54a00f9df27EdCE4801F288b | 0xFa8d865A962ca8456dF331D78806152d3aC5B84F | Identity.sol |
| GoodStaking | 0xEa12bB3917cf6aE2FDE97cE4756177703426d41F | - | SimpleDAIStaking.sol |
| GoodReserve | 0x5C16960F2Eeba27b7de4F1F6e84E616C1977e070 | - | GoodReserveCDai.sol |
| GoodFundManager | 0xbDFD60f3aE73329D33ebe17d78383DEfd72643Ad | - | GoodFundManager.sol |
| GoodMarketMaker | 0xEDbE438Cd865992fDB72dd252E6055A71b02BE72 | - | GoodMarketMaker.sol |
| ContributionCalculation | 0x8eEC64bb6807c0178f96277cCE6a334B4e565E5C | - | ContributionCalculation.sol |
| UBIScheme | - | 0xAACbaaB8571cbECEB46ba85B5981efDB8928545e | UBIScheme.sol |
| FirstClaimPool | - | 0x18BcdF79A724648bF34eb06701be81bD072A2384 | FirstClaimPool.sol |
| AdminWallet | - | 0x9F75dAcB77419b87f568d417eBc84346e134144E | AdminWallet.sol |
| OneTimePayments | - | 0xd9Aa86e0Ddb932bD78ab8c71C1B98F83cF610Bd4 | OneTimePayments.sol |

Resources

Other Ways To Get Involved

Again, only bug bounty submissions that are sent to Hadar@gooddollar.org will be accepted! 
