Welcome to the Bug Pub, a place to reward the right kind of attention.
Bug Pub provides a fully Web3 Bug Bounty Audit Platform for Publishing Bug Bounties and Audits.
Users now have a web3-native service for managing and participating in bug bounties and publishing security-related research / audits on packages.
All bug bounty operations are managed and interfaced via the Sui Blockchain.
Bug Pub is currently in prototype stages, and can be found here: bug-pub.vercel.app
- Lists their smart contract package on the platform with associated bounty reward
- Generates a Proof of Audit (PoA) NFT for the auditor, who can use it to submit a higher rated audit (e.g. blue checkmark)
- Sets list of Bounty Verifiers and Bounty Moderators
- Distributes Rewards for Audits
- Creates Security Audits Identifying Vulnerabilities in smart contracts and codebases in scope of the bounty
- Collects rewards for publishing their audits
- Verifies Package Bounty Audits
- Attests that an Audit is an accurate package analysis report for the package + associated bounty and scope
- Optionally Rewarded with percentage of Bounty Amount if passes Verification (Opt-In)
- Escalates Quality Content
- Deletes scam, spam, and unsafe audits
- Can access audits for smart contracts to make informed decisions
- Rate audits by casting upvote/downvote
Sui Blockchain serves as the primary orchestration layer for Bug Pub services, content, and user interactions.
Bug Pub services are written as Move Packages (smart contracts).
Move is the programming language of the Sui Blockchain. Its ease of use, modularity, and security features provide an ideal substrate to build secure, scalable, and reactive web3 applications.
ZkLogin provides a Web2 Friendly User Login for Web3 Services (like Bug Pub). More information can be found at the official ZkLogin Docs and ZkLogin Research Paper.
Walrus is a decentralized storage solution. Bug Pub uses Walrus to store large artifacts that cannot be stored on the Sui Blockchain.
- NextJS
- Vercel
The project is structured into two main directories:
- app/: Contains the front-end code.
- move/: Includes the smart contracts written in Sui Move.
- setup/: Includes helper functionality for publishing Move Contract