Welcome to the future of bug bounty platforms, where we leverage the power of blockchain, NFTs, and AI to revolutionize security processes. Built on the Move language and deployed on Aptos blockchain, this platform provides a decentralized, secure, and transparent way for non-tech savy project owners and technically eliquent contributors to collaborate and earn.
Explore the Demo »
Report Bug
·
Request Feature
Our decentralized bug bounty platform is reshaping the future of project development by bridging the gap between ideas and technical knowledge. Using blockchain technology, each project is listed as an NFT, giving contributors a verifiable source of truth. Built on the Aptos blockchain using the Move language, we offer secure, transparent, and efficient payments through smart contracts—ensuring that contributors are fairly compensated based on the issues they resolve.
We aim to provide a seamless, secure, and transparent bug bounty experience for both project owners and contributors. By decentralizing the process, our platform removes intermediaries, reduces delays, and ensures real-time payments for contributors who resolve issues.
Additionally, we focus on bridging the gap between creativity and technical knowledge deficiency. Anyone with an innovative idea but lacking the technical resources can come to our platform, describe their vision, and connect with technically knowledgeable contributors who can bring their ideas to life.
With our platform, project owners can transform their concepts into reality, while contributors gain the opportunity to apply their skills in impactful ways and earn money.
The above diagram illustrates the process flow from project listing to vulnerability reporting and payment distribution.
-
Project Listing as NFTs:
Every project on our platform is tokenized as a unique NFT. This ensures transparency, immutability, and a trustless environment. Contributors can verify the project’s authenticity and ownership directly on the blockchain, eliminating potential fraud and manipulation. By leveraging the decentralized nature of NFTs, project owners can prove that the project details are securely stored and immutable.They can further sell their NFT on marketplace to earn in exchange of their ownership rights.
-
AI-Assisted Issue Categorization:
AI integration allows our platform to categorize issues based on their severity efficiently. By using cutting-edge machine learning models trained on vast security data, our AI system automatically assigns issues into the appropriate tiers: Critical, High, or Low. This saves project owners time and reduces manual evaluation efforts while improving accuracy in identifying priority vulnerabilities.
-
AI-Powered Chatbot (Built with RASA):
Our platform includes an AI-powered chatbot built with RASA, designed to provide an interactive experience for users. The chatbot helps users by:- Answering questions about specific projects
- Offering suggestions for projects that align with users’ skills and interests
- Categorizing and assisting with project selection, ensuring users find the most relevant bounties
By integrating RASA, we deliver a sophisticated, conversational AI experience, ensuring users can navigate the platform efficiently and get real-time project-related information without any hassle.
-
Decentralized Contribution Management: Project owners can view all contributions related to their projects through a decentralized interface. Using NFT-based project tracking, each contribution is represented by a unique token, securely stored on the blockchain. Owners can approve or reject these contributions based on their quality. Upon approval, contributors are automatically rewarded through smart contracts, ensuring a transparent and tamper-proof process. This decentralized storage model, built on Spheron, guarantees that project data remains secure and immutable, with no reliance on centralized servers.
-
Personalized AI Recommendations:
Our platform leverages advanced AI algorithms to provide personalized project and issue recommendations tailored to each contributor's skills and expertise. By analyzing user profiles and project data, the AI ensures that contributors are matched with the most relevant tasks, maximizing their impact and productivity while aligning with their strengths. This intelligent system enhances the quality of contributions and helps contributors tackle challenges best suited to their abilities.
-
Dynamic Bounty Distribution:
Our platform provides a flexible, tier-based bounty distribution system, enabling project owners to allocate rewards dynamically. Based on the severity of identified vulnerabilities, contributors are compensated under Critical, High, and Low tiers. This ensures fair and meritocratic distribution of rewards, motivating bug hunters to resolve more significant security issues for higher incentives.
-
Automated Transaction Management:
To ensure trust and transparency between contributors and project creators, the bounty payments are securely held in smart contracts while the bounty is live. Once the bounty ends, the funds are automatically distributed among contributors based on their contributions. This feature eliminates manual handling of payments, reducing human error and increasing fairness.
-
Blockchain-Backed Payments:
Payments on our platform are facilitated through blockchain-backed smart contracts. Contributors are paid directly and securely in cryptocurrency after completing their tasks. Our smart contracts ensure instant, transparent, and trustless transactions without intermediaries, giving contributors peace of mind and a secure payment gateway.
-
Secure Contributor Rewards:
For contributors, the platform offers end-to-end security using Spheron’s decentralized storage, ensuring that all contributions and rewards remain transparent and secure. Once a contribution is approved by the project owner, the contributor is rewarded via a smart contract, eliminating the need for intermediaries. This blockchain-based solution guarantees that contributors receive their rewards without any risk of tampering or delay, as all transactions are verifiable on the public ledger.
-
Write With AI:
Our platform includes an innovative Write with AI feature that allows users to generate project descriptions automatically using AI-powered assistance. This feature leverages cutting-edge natural language processing models to create detailed and contextually accurate descriptions based on the project details provided by the user.
-
NFT Marketplace:
Our platforms also allows users to sell thier tokens to other people so that they can also earn money in exhange of the project they build. This ensures that the Project owners also do not incurr any losses in case they are not willing to ove forward with the project they once found interesting.
Here’s the revised section that introduces the code snippet, focusing on the Dynamic Bounty Distribution feature implemented in Move language:
For the Dynamic Bounty Prize Distribution feature, here’s how smart contracts can dynamically allocate bounties based on issue severity using Move:
public entry fun transaction_winners(
deployer: &signer,
project_id: u64,
high: u64,
critical: u64,
low: u64
) acquires ProjectMapping, {
let project_mapping = borrow_global<ProjectMapping>(@account_address);
let all_projects = project_mapping.projects;
let projectMain =simple_map::borrow(&mut all_projects,&project_id);
let project = projectMain.contributors;
let len = vector::length(&project);
let mp:SimpleMap<address,u64> = simple_map::create();
for (i in 0..len) {
let contributor = vector::borrow(&project,i);
let amount:u64 = 0;
if(contributor.level == string::utf8(b"High")) {
amount = projectMain.high_bounty/high;
} else if(contributor.level == string::utf8(b"Critical")) {
amount = projectMain.critical_bounty/critical;
} else amount = projectMain.low_bounty/low;
if(simple_map::contains_key(&mut mp,&contributor.issuer)==false) {
simple_map::add(&mut mp, contributor.issuer,amount);
} else {
let tmp:u64 = *simple_map::borrow(&mut mp,&contributor.issuer);
amount = amount + tmp;
simple_map::upsert(&mut mp,contributor.issuer,amount );
};
};
for (i in 0..len) {
let contributor = vector::borrow(&project,i);
if(simple_map::contains_key(&mut mp,&contributor.issuer)==true) {
let value = *simple_map::borrow(&mut mp,&contributor.issuer);
let add:address = @account_address;
transfer(deployer, contributor.issuer, value);
};
};
}initialize: reads the required contributors of the projectallocates bounty: Allows the owner to allocate rewards based on the severity of reported issues (Critical, High, Low).send bounties: Enables contributors to get the allocated bounties.
To showcase the AI-Assisted Issue Categorization, we developed a chatbot using RASA that helps users find relevant projects based on their prompts and can provide detailed information about specific projects.
The RASA chatbot utilizes natural language processing to understand user queries and suggest projects that align with their interests. Below is a simplified implementation highlighting key components of the RASA framework:
# config.yml - RASA configuration file
language: en
pipeline:
- name: WhitespaceTokenizer
- name: CountVectorsFeaturizer
- name: DIETClassifier
- name: EntitySynonymMapper
- name: ResponseSelector
- name: DialoguePolicy
# domain.yml - RASA domain file
intents:
- greet
- ask_projects
- request_details
responses:
utter_greet:
- text: "Hello! How can I assist you today?"
utter_ask_projects:
- text: "I can help you find projects based on your interests. What are you looking for?"
utter_project_details:
- text: "Here are the details of the project you're interested in: {project_name}"
# stories.yml - Example user stories
stories:
- story: greet and ask for projects
steps:
- intent: greet
- action: utter_greet
- intent: ask_projects
- action: utter_ask_projects- Project Recommendations: The chatbot understands user prompts to suggest relevant projects based on their interests and requirements.
- Detailed Information: Users can request more information about specific projects, and the chatbot provides insights on features, technology stacks, and more.
- Interactive Experience: Users can engage in a conversation with the chatbot, making it easier to find projects that suit their needs.
This RASA-powered chatbot enhances user experience by leveraging AI to provide tailored project recommendations and information, streamlining the process of finding suitable projects within our platform.
-
Cross-Chain and Multi-Blockchain Integration Interoperability: You could expand your platform to support other blockchains (besides Aptos), allowing users to choose which blockchain best fits their project. This increases flexibility and attracts a wider audience. Cross-Chain Bounties: Introduce cross-chain bug bounty programs where projects and rewards can be hosted on multiple blockchains, encouraging contributors from various ecosystems to participate.
-
Enhanced Security Tools for Contributors Automated Vulnerability Scanners: Offer contributors AI-based automated vulnerability scanning tools that can provide them with a head start on identifying potential issues in a project. On-Chain Auditing: Develop on-chain auditing mechanisms where projects can be automatically audited and verified for their security practices before being listed, providing an additional layer of trust.
-
Reputation System Introduce a tokenized reputation system where contributors build reputation scores based on their work quality. High-reputation contributors could access exclusive bounties or higher-tier projects.
-
Real-Time Collaboration Tools Develop real-time collaborative environments where contributors can work together on issues. Contributors can stream their debugging sessions, share screens, or collaborate in real-time while solving complex problems.
-
AI-Powered Bug Bounty Prediction Using machine learning models, you could predict potential areas in a project that are most vulnerable, giving contributors an edge and improving overall platform effectiveness.
-
Metaverse-Enabled Bug Bounties Explore creating virtual spaces in the metaverse where contributors can collaborate and solve issues together, providing a more immersive experience.
- Blockchain Platform: Aptos Blockchain
- Smart Contracts: Written in Move Language
- AI: Automated Issue Categorization
- Payments: Cryptocurrency Transactions via Blockchain
- Petro Wallet: Make sure you have a Petro Wallet to connect. You can either:
- Download the Petro Wallet from the Chrome Extension Store.
- Web2 Onboarding:Without Petro wallet one can also onboard using gmail.
- Alternatively, sign in using Google for Web2 onboarding (No need of wallet).
Once you have the prerequisites, follow these steps to set up the bug bounty platform locally:
-
Clone the repository:
git clone https://github.com/Dis1309/spheron
-
Navigate to the project directory:
cd web -
Install dependencies:
npm install
To see the platform in action, check out the demo or refer to the example usage guide in the documentation:
Here's the adjusted content presented as a topic within the same page, maintaining coherence and clarity:
Here’s a detailed overview of our decentralized project management platform, structured to present everything clearly and visually engaging. This includes outputs in the form of images and GIFs to enhance understanding.
- Blockchain Technology: Aptos
- Smart Contracts Language: Move, rust
- Web Framework: Next.js, Node.js
- Languages:Typescript, Javascript
- Integration- wallet-adapter, Provider, Typecript-sdk, petra-wallet
- Database: MongoDB
- Styling: TailwindCSS,Shadcn/ui,acertanityui, gsap animaton library
- AI Frameworks: TensorFlow, Keras, RASA
- Version Control: Git
| Account Address| 0x7bf84486bf9b0e0b96226927e6f3c1b5a35c96ef4d8300f699d8341ef50aa35b
| Module Address | 0x7bf84486bf9b0e0b96226927e6f3c1b5a35c96ef4d8300f699d8341ef50aa35b
Check-Out Module Address On Aptos Testnet Scan
Join us in revolutionizing bug bounty platforms! Whether you're a security researcher, a project owner, or an enthusiast, we welcome you to contribute, report bugs, or share your feedback.
- Contribute to Development: Check our GitHub Repository for contribution guidelines.
