Beta Test Plan

This comprehensive, step-by-step test plan will guide you through the process of interacting with the Otacon smart contract, allowing you to experience the platform as a Bounty Program Manager, a Validator, or a Bounty Hunter.

1. Introduction

The Otacon platform is a decentralized bug bounty hunting ecosystem where participants can:

Bounty Program Managers: Create and manage bug bounty programs.
Validators: Validate reported bugs and proofs submitted by bounty hunters.
Bounty Hunters: Find vulnerabilities, submit proofs, and earn rewards.

This test plan aims to simulate real-world interactions with the Otacon smart contract, helping users understand its functionalities and workflows.

2. Becoming a Bounty Program Manager

As a bounty program manager, you'll create and manage bug bounty programs.

Creating a Bounty

Step 1: Set Up Collectible Contracts

Ensure the OtaconBountyRegistry contract is aware of the collectible contract addresses:

await otaconRegistry.setProofCollectibleContract(proofCollectibleAddress);
await otaconRegistry.setSnippetCollectibleContract(snippetCollectibleAddress);
await otaconRegistry.setBountyPassCollectibleContract(bountyPassCollectibleAddress);
await otaconRegistry.setMultiplierCollectible(
  MultiplierTier.S,
  multiplierCollectibleAddress,
  ethers.utils.parseUnits('2', 18), // 2x multiplier
  0 // Collectible type ID
);

Step 2: Prepare Bounty Parameters

Define the bounty creation parameters:

const bountyParams = {
  targetContract: '0xTargetContractAddress',
  rewards: [
    ethers.utils.parseUnits('1000', 18), // Severity 0
    ethers.utils.parseUnits('2000', 18), // Severity 1
    ethers.utils.parseUnits('3000', 18), // Severity 2
    ethers.utils.parseUnits('4000', 18), // Severity 3
  ],
  rewardToken: '0xRewardTokenAddress', // ERC20 token used for rewards
  requireSnippet: true,
  targetNetwork: ethers.utils.formatBytes32String('Ethereum'),
  targetEnvironment: ethers.utils.formatBytes32String('Mainnet'),
  validators: [], // Initial validators, can be empty
};

Step 3: Pay Bounty Creation Fee

You can pay the fee using one of three options:

Otacon Tokens

Approve Otacon tokens for transfer:

const otaconToken = new ethers.Contract(otaconTokenAddress, erc20ABI, signer);
await otaconToken.approve(otaconRegistry.address, otaconFee);

Set useOtaconToken to true when calling startBounty.

ETH
- Send the required ETH amount with the transaction.
- Set useETH to true.

Bounty Pass Collectible

Ensure you own a Bounty Pass collectible.

Approve the Bounty Pass for transfer:

const bountyPassCollectible = new ethers.Contract(bountyPassCollectibleAddress, erc1155ABI, signer);
await bountyPassCollectible.setApprovalForAll(otaconRegistry.address, true);

Provide the bountyPassTokenId when calling startBounty.

Step 4: Create the Bounty

const tx = await otaconRegistry.startBounty(bountyParams, useOtaconToken, useETH, bountyPassTokenId, {
  value: ethFee, // Include this if using ETH
});
await tx.wait();
console.log('Bounty created successfully!');

3. Becoming a Validator

Validators are responsible for reviewing and validating proofs submitted by bounty hunters.

Step 1: Request to Become a Validator

Contact the Bounty Program Manager or the Otacon Protocol Owner to be added as a validator for a specific bounty.

Step 2: Manager Adds Validator

const tx = await otaconRegistry.addValidator(bountyId, validatorAddress);
await tx.wait();
console.log(`Validator ${validatorAddress} added to bounty ${bountyId}.`);

4. Becoming a Bounty Hunter

Bounty hunters find vulnerabilities and submit proofs to earn rewards.

Staking a ProofCollectible

Step 1: Obtain a ProofCollectible

Acquire a ProofCollectible (ERC721 token) representing your discovered bug.

Step 2: Approve and Stake the ProofCollectible

const proofCollectible = new ethers.Contract(proofCollectibleAddress, erc721ABI, signer);
await proofCollectible.approve(otaconRegistry.address, proofCollectibleId);

const tx = await otaconRegistry.stakeProofCollectible(bountyId, proofCollectibleId);
await tx.wait();
console.log(`ProofCollectible ${proofCollectibleId} staked to bounty ${bountyId}.`);

Staking a SnippetCollectible

If the bounty requires a code snippet:

Step 1: Obtain a SnippetCollectible

Acquire a SnippetCollectible (ERC721 token) containing your code snippet.

Step 2: Approve and Stake the SnippetCollectible

const snippetCollectible = new ethers.Contract(snippetCollectibleAddress, erc721ABI, signer);
await snippetCollectible.approve(otaconRegistry.address, snippetCollectibleId);

const tx = await otaconRegistry.stakeSnippetCollectible(bountyId, snippetCollectibleId);
await tx.wait();
console.log(`SnippetCollectible ${snippetCollectibleId} staked to bounty ${bountyId}.`);

5. Validating Proofs and Distributing Rewards

Step 1: Validator Validates the Proof

const tx = await otaconRegistry.validateProof(bountyId, proofCollectibleId, severity);
await tx.wait();
console.log(`ProofCollectible ${proofCollectibleId} validated for bounty ${bountyId}.`);

Severity: An integer representing the severity level (0-3).

Step 2: Reward Distribution

Upon validation:

The bounty hunter receives their reward minus the protocol fee.
The protocol fee accumulates in the contract.

6. Claiming Bounty Shares

Participants who have staked multipliers can claim a share of the protocol bounty rewards.

Step 1: Stake a MultiplierCollectible

Step 1.1: Obtain MultiplierCollectible

Acquire a MultiplierCollectible (ERC1155 token) of a specific tier.

Step 1.2: Approve and Stake the MultiplierCollectible

const multiplierCollectible = new ethers.Contract(multiplierCollectibleAddress, erc1155ABI, signer);
await multiplierCollectible.setApprovalForAll(otaconRegistry.address, true);

const tx = await otaconRegistry.stakeMultiplierCollectible(bountyId, multiplierTier, amount);
await tx.wait();
console.log(`Staked ${amount} multiplier(s) of tier ${multiplierTier} to bounty ${bountyId}.`);

const tx = await otaconRegistry.claimBountyShare(bountyId);
await tx.wait();
console.log(`Bounty share claimed for bounty ${bountyId}.`);

The contract calculates your share based on your staked multiplier.
MultiplierCollectibles are burned upon claiming.

7. Diagrams

Workflow Overview

Below is a simplified diagram of the Otacon workflow:

+----------------------+          +----------------------+          +----------------------+
|                      |          |                      |          |                      |
|  Bounty Program      |          |     Validators       |          |    Bounty Hunters    |
|      Manager         |          |                      |          |                      |
+----------+-----------+          +-----------+----------+          +-----------+----------+
           |                                  |                                 |
           |                                  |                                 |
           | 1. Create Bounty                 |                                 |
           +--------------------------------->|                                 |
           |                                  |                                 |
           |                                  | 2. Validate Proofs              |
           |                                  |<-------------------------------+
           |                                  |                                 |
           |                                  |                                 |
           |                                  |                                 |
           |                                  |                                 |
           |                                  |                                 |
+----------v-----------+          +-----------v----------+          +-----------v----------+
|                      |          |                      |          |                      |
|   Otacon Bounty      |          |    Smart Contracts   |          |   Collectibles       |
|      Registry        |          |                      |          |                      |
+----------------------+          +----------------------+          +----------------------+

Explanation:

Bounty Creation: The Bounty Program Manager creates a bounty by interacting with the Otacon Bounty Registry.
Proof Submission: Bounty Hunters find vulnerabilities and stake their ProofCollectibles to the bounty.
Validation: Validators review the proofs and validate them.
Rewards Distribution: Upon validation, rewards are distributed to the bounty hunters, and protocol fees are accumulated.
Bounty Share Claim: Participants who have staked MultiplierCollectibles can claim a share of the protocol fees.

PreviousBug Bounty Management NextBug Bounty Simulations

Last updated 1 year ago

hashtag1. Introduction

hashtag2. Becoming a Bounty Program Manager

hashtagCreating a Bounty

hashtag3. Becoming a Validator

hashtagStep 1: Request to Become a Validator

hashtagStep 2: Manager Adds Validator

hashtag4. Becoming a Bounty Hunter

hashtagStaking a ProofCollectible

hashtagStaking a SnippetCollectible

hashtag5. Validating Proofs and Distributing Rewards

hashtagStep 1: Validator Validates the Proof

hashtagStep 2: Reward Distribution

hashtag6. Claiming Bounty Shares

hashtagStep 1: Stake a MultiplierCollectible

hashtagStep 2: Claim Your Share

hashtag7. Diagrams

hashtagWorkflow Overview