About BugChan
BugChan is a decentralized bug bounty platform with on-chain escrow and client-side encryption to secure reports.
Why BugChan
Guaranteed Payouts
On-chain escrow ensures all rewards are automatically released.
Aligned Incentives
When a report is rejected, its stake is slashed and paid to the bounty owner.
Confidential & Secure
Reports are encrypted in the browser and stored on IPFS.
Transparent
Every action is on-chain and fully auditable.
Technology & Integrations
- Hardhat 3: Smart contract development and testing.
- Pyth Network: Real-time ETH/USD price feeds via Hermes SDK.
- BlockScout: Autoscout instance for inspecting and verifying transactions.
- Lighthouse: Client-side encryption and decentralized report storage.
Security Model
- Smart contracts manage escrow and payouts.
- Encrypted reports are stored on IPFS; the chain holds only a reference to each report.
- Client-side encryption ensures only owners can decrypt.
- Stake mechanism deters spam submissions.
Requirements
- Sepolia testnet wallet with ETH for gas fees.
- Install MetaMask
- Get Sepolia ETH
How It Works
For Project Owners
- Lock rewards in on-chain escrow.
- Confidentially review encrypted submissions.
- Accept valid reports or reject invalid ones; receive the slashed stakes of rejected reports.
- Close bounty for automatic reward distribution.
For Researchers
- Browse bounties with guaranteed pools.
- Submit encrypted findings via IPFS.
- Stake ETH with each submission; one submission per wallet.
- Receive reward if accepted; stake refunded if bounty expires.
Rewards & Incentives
- Guaranteed escrow for all bounty rewards.
- Equal reward split among accepted submissions.
- Stake-to-submit mechanism prevents spam.
- Slashed stakes go to bounty owner if rejected.
- Stake refunded if bounty expires before review.
- One submission per wallet per bounty.
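The rules in this list, modelled off-chain with a conservation check on the escrowed funds. This is an added example, not BugChan's contract code, and every class and method name in it is hypothetical. Assumptions the page does not state: an accepted researcher gets the stake back with the reward, unreviewed submissions at settlement are treated as the "expires before review" case, and any wei left by integer division (or the whole pool when nothing was accepted) stays unallocated.

```javascript
// Off-chain model of the stake-to-submit rules listed above (added example,
// not BugChan's contract). Amounts are wei as BigInt. All names are hypothetical.
class BountyModel {
  constructor(owner, rewardPool, stake) {
    this.owner = owner;
    this.rewardPool = rewardPool;   // locked in escrow by the owner
    this.stake = stake;             // required with each submission
    this.subs = new Map();          // wallet -> "pending" | "accepted" | "rejected"
    this.paid = new Map();          // wallet -> total wei paid out
    this.settled = false;
  }
  pay(to, amount) { this.paid.set(to, (this.paid.get(to) ?? 0n) + amount); }

  submit(wallet, value) {
    if (this.settled) throw new Error("bounty closed");
    if (this.subs.has(wallet)) throw new Error("one submission per wallet");
    if (value !== this.stake) throw new Error("wrong stake");
    this.subs.set(wallet, "pending");
  }
  review(wallet, accept) {
    if (this.settled || this.subs.get(wallet) !== "pending") throw new Error("not reviewable");
    this.subs.set(wallet, accept ? "accepted" : "rejected");
    if (!accept) this.pay(this.owner, this.stake);   // slashed stake goes to the owner
  }
  // Close or expiry: split the pool equally, refund unreviewed stakes.
  settle() {
    if (this.settled) throw new Error("already settled");
    this.settled = true;
    const accepted = [...this.subs].filter(([, s]) => s === "accepted").map(([w]) => w);
    const share = accepted.length ? this.rewardPool / BigInt(accepted.length) : 0n;
    for (const w of accepted) this.pay(w, share + this.stake); // ASSUMPTION: stake returned on accept
    for (const [w, s] of this.subs) if (s === "pending") this.pay(w, this.stake);
    // ASSUMPTION: the division remainder (or an unclaimed pool) stays unallocated
    return this.rewardPool - share * BigInt(accepted.length);
  }
  // Invariant: everything deposited is either paid out or left unallocated.
  conserved(unallocated) {
    const deposited = this.rewardPool + this.stake * BigInt(this.subs.size);
    const out = [...this.paid.values()].reduce((a, b) => a + b, 0n);
    return deposited === out + unallocated;
  }
}
```

The value returned by `settle()` is the amount the equal split could not distribute; a real contract has to decide where that goes, and `conserved()` is the check that no path creates or strands funds.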