Beta Test Plan
This comprehensive, step-by-step test plan will guide you through the process of interacting with the Otacon smart contract, allowing you to experience the platform as a Bounty Program Manager, a Validator, or a Bounty Hunter.
1. Introduction
The Otacon platform is a decentralized bug bounty hunting ecosystem where participants can:
Bounty Program Managers: Create and manage bug bounty programs.
Validators: Validate reported bugs and proofs submitted by bounty hunters.
Bounty Hunters: Find vulnerabilities, submit proofs, and earn rewards.
This test plan aims to simulate real-world interactions with the Otacon smart contract, helping users understand its functionalities and workflows.
2. Becoming a Bounty Program Manager
As a bounty program manager, you'll create and manage bug bounty programs.
Creating a Bounty
Step 1: Set Up Collectible Contracts
Ensure the OtaconBountyRegistry contract is aware of the collectible contract addresses:
await otaconRegistry.setProofCollectibleContract(proofCollectibleAddress);
await otaconRegistry.setSnippetCollectibleContract(snippetCollectibleAddress);
await otaconRegistry.setBountyPassCollectibleContract(bountyPassCollectibleAddress);
await otaconRegistry.setMultiplierCollectible(
MultiplierTier.S,
multiplierCollectibleAddress,
ethers.utils.parseUnits('2', 18), // 2x multiplier
0 // Collectible type ID
);Step 2: Prepare Bounty Parameters
Define the bounty creation parameters:
const bountyParams = {
targetContract: '0xTargetContractAddress',
rewards: [
ethers.utils.parseUnits('1000', 18), // Severity 0
ethers.utils.parseUnits('2000', 18), // Severity 1
ethers.utils.parseUnits('3000', 18), // Severity 2
ethers.utils.parseUnits('4000', 18), // Severity 3
],
rewardToken: '0xRewardTokenAddress', // ERC20 token used for rewards
requireSnippet: true,
targetNetwork: ethers.utils.formatBytes32String('Ethereum'),
targetEnvironment: ethers.utils.formatBytes32String('Mainnet'),
validators: [], // Initial validators, can be empty
};Step 3: Pay Bounty Creation Fee
You can pay the fee using one of three options:
Otacon Tokens
Approve Otacon tokens for transfer:
const otaconToken = new ethers.Contract(otaconTokenAddress, erc20ABI, signer); await otaconToken.approve(otaconRegistry.address, otaconFee);Set
useOtaconTokentotruewhen callingstartBounty.
ETH
Send the required ETH amount with the transaction.
Set
useETHtotrue.
Bounty Pass Collectible
Ensure you own a Bounty Pass collectible.
Approve the Bounty Pass for transfer:
const bountyPassCollectible = new ethers.Contract(bountyPassCollectibleAddress, erc1155ABI, signer); await bountyPassCollectible.setApprovalForAll(otaconRegistry.address, true);Provide the
bountyPassTokenIdwhen callingstartBounty.
Step 4: Create the Bounty
const tx = await otaconRegistry.startBounty(bountyParams, useOtaconToken, useETH, bountyPassTokenId, {
value: ethFee, // Include this if using ETH
});
await tx.wait();
console.log('Bounty created successfully!');3. Becoming a Validator
Validators are responsible for reviewing and validating proofs submitted by bounty hunters.
Step 1: Request to Become a Validator
Contact the Bounty Program Manager or the Otacon Protocol Owner to be added as a validator for a specific bounty.
Step 2: Manager Adds Validator
const tx = await otaconRegistry.addValidator(bountyId, validatorAddress);
await tx.wait();
console.log(`Validator ${validatorAddress} added to bounty ${bountyId}.`);4. Becoming a Bounty Hunter
Bounty hunters find vulnerabilities and submit proofs to earn rewards.
Staking a ProofCollectible
Step 1: Obtain a ProofCollectible
Acquire a ProofCollectible (ERC721 token) representing your discovered bug.
Step 2: Approve and Stake the ProofCollectible
const proofCollectible = new ethers.Contract(proofCollectibleAddress, erc721ABI, signer);
await proofCollectible.approve(otaconRegistry.address, proofCollectibleId);
const tx = await otaconRegistry.stakeProofCollectible(bountyId, proofCollectibleId);
await tx.wait();
console.log(`ProofCollectible ${proofCollectibleId} staked to bounty ${bountyId}.`);Staking a SnippetCollectible
If the bounty requires a code snippet:
Step 1: Obtain a SnippetCollectible
Acquire a SnippetCollectible (ERC721 token) containing your code snippet.
Step 2: Approve and Stake the SnippetCollectible
const snippetCollectible = new ethers.Contract(snippetCollectibleAddress, erc721ABI, signer);
await snippetCollectible.approve(otaconRegistry.address, snippetCollectibleId);
const tx = await otaconRegistry.stakeSnippetCollectible(bountyId, snippetCollectibleId);
await tx.wait();
console.log(`SnippetCollectible ${snippetCollectibleId} staked to bounty ${bountyId}.`);5. Validating Proofs and Distributing Rewards
Step 1: Validator Validates the Proof
const tx = await otaconRegistry.validateProof(bountyId, proofCollectibleId, severity);
await tx.wait();
console.log(`ProofCollectible ${proofCollectibleId} validated for bounty ${bountyId}.`);Severity: An integer representing the severity level (0-3).
Step 2: Reward Distribution
Upon validation:
The bounty hunter receives their reward minus the protocol fee.
The protocol fee accumulates in the contract.
6. Claiming Bounty Shares
Participants who have staked multipliers can claim a share of the protocol bounty rewards.
Step 1: Stake a MultiplierCollectible
Step 1.1: Obtain MultiplierCollectible
Acquire a MultiplierCollectible (ERC1155 token) of a specific tier.
Step 1.2: Approve and Stake the MultiplierCollectible
const multiplierCollectible = new ethers.Contract(multiplierCollectibleAddress, erc1155ABI, signer);
await multiplierCollectible.setApprovalForAll(otaconRegistry.address, true);
const tx = await otaconRegistry.stakeMultiplierCollectible(bountyId, multiplierTier, amount);
await tx.wait();
console.log(`Staked ${amount} multiplier(s) of tier ${multiplierTier} to bounty ${bountyId}.`);Step 2: Claim Your Share
const tx = await otaconRegistry.claimBountyShare(bountyId);
await tx.wait();
console.log(`Bounty share claimed for bounty ${bountyId}.`);The contract calculates your share based on your staked multiplier.
MultiplierCollectibles are burned upon claiming.
7. Diagrams
Workflow Overview
Below is a simplified diagram of the Otacon workflow:
+----------------------+ +----------------------+ +----------------------+
| | | | | |
| Bounty Program | | Validators | | Bounty Hunters |
| Manager | | | | |
+----------+-----------+ +-----------+----------+ +-----------+----------+
| | |
| | |
| 1. Create Bounty | |
+--------------------------------->| |
| | |
| | 2. Validate Proofs |
| |<-------------------------------+
| | |
| | |
| | |
| | |
| | |
+----------v-----------+ +-----------v----------+ +-----------v----------+
| | | | | |
| Otacon Bounty | | Smart Contracts | | Collectibles |
| Registry | | | | |
+----------------------+ +----------------------+ +----------------------+Explanation:
Bounty Creation: The Bounty Program Manager creates a bounty by interacting with the Otacon Bounty Registry.
Proof Submission: Bounty Hunters find vulnerabilities and stake their ProofCollectibles to the bounty.
Validation: Validators review the proofs and validate them.
Rewards Distribution: Upon validation, rewards are distributed to the bounty hunters, and protocol fees are accumulated.
Bounty Share Claim: Participants who have staked MultiplierCollectibles can claim a share of the protocol fees.
Last updated