About BugChan
BugChan is a decentralized bug bounty platform for Web3. Projects launch transparent onchain bounty programs, and researchers submit reproducible reports with a small stake to reduce spam. Rewards are distributed based on outcomes, all verifiable onchain.
Why BugChan
- Budgets, reward tiers, and timelines are public and auditable.
- Stake per submission discourages spam and rewards quality.
- Clear scope, fast feedback, fair rewards.
- Composable bounties built for Web3.
Technology
BugChan provides a decentralized bug bounty platform that operates on the Sepolia testnet. The platform uses smart contracts to track submissions, stakes, and rewards while storing encrypted vulnerability reports on IPFS.
Security Model
- On‑chain: Smart contracts record bounty details, report references, and stakes
- Off‑chain (IPFS): Bounty documentation and vulnerability reports
- Client‑side encryption: Ensures reports are only readable by authorized parties
- Stake mechanism: Researchers stake ETH to submit reports, discouraging spam
Requirements
BugChan operates on the Sepolia testnet. All interactions require a connected wallet with Sepolia ETH for transaction fees.
How it works
For project owners
- Create bounty with detailed scope and reward treasury
- Review submitted vulnerability reports
- Accept valid reports and reject invalid submissions
- Close bounty to distribute rewards to approved researchers
For security researchers
- Browse open bounties and review scope documentation
- Prepare and encrypt vulnerability reports
- Submit findings with required stake amount
- Receive rewards for accepted reports when bounty closes
Rewards & Incentives
- Projects fund a treasury that distributes rewards when the bounty closes
- Researchers must stake ETH to submit reports; the stake is returned upon acceptance
- Multiple submissions allowed with fixed stake amount per submission
- Rejected reports result in a slashed stake; stakes on pending reports are refunded when the bounty closes
- Rewards are distributed according to report quality and severity tiers