Otacon - Research & Development
  • Welcome
  • Overview
  • Cybersecurity
    • Landscape
    • Attacks
    • Damage
    • Defenses
    • Outlook
  • Bounty
    • Programs
    • Manual
    • Assisted by Computers
    • Assisted by Humans
  • Otacon
    • Overview
    • Bug Scanning
    • Bug-to-Token Conversion
    • Proof of Concept
    • Submission
    • Revenue Share
    • Revenue Modifiers
  • Future
    • Scanning Accuracy
    • Scanning Agency
    • Roadmap
  • More
    • Tokenomics
      • OTACON Utility
      • OTACON Supply
      • OTACON Allocation
      • OTACON Fees
      • OTACON Burn
    • Smart Contracts
    • Liquidity Management
    • Team
  • Otacon [version 1.0]
    • Bug Bounty Management
    • Beta Test Plan
    • Bug Bounty Simulations
Powered by GitBook
On this page
  • 1. Introduction
  • 2. Becoming a Bounty Program Manager
  • 3. Becoming a Validator
  • 4. Becoming a Bounty Hunter
  • 5. Validating Proofs and Distributing Rewards
  • 6. Claiming Bounty Shares
  • 7. Diagrams
  1. Otacon [version 1.0]

Beta Test Plan

This comprehensive, step-by-step test plan will guide you through the process of interacting with the Otacon smart contract, allowing you to experience the platform as a Bounty Program Manager, a Validator, or a Bounty Hunter.

1. Introduction

The Otacon platform is a decentralized bug bounty hunting ecosystem where participants can:

  • Bounty Program Managers: Create and manage bug bounty programs.

  • Validators: Validate reported bugs and proofs submitted by bounty hunters.

  • Bounty Hunters: Find vulnerabilities, submit proofs, and earn rewards.

This test plan aims to simulate real-world interactions with the Otacon smart contract, helping users understand its functionalities and workflows.

2. Becoming a Bounty Program Manager

As a bounty program manager, you'll create and manage bug bounty programs.

Creating a Bounty

Step 1: Set Up Collectible Contracts

Ensure the OtaconBountyRegistry contract is aware of the collectible contract addresses:

await otaconRegistry.setProofCollectibleContract(proofCollectibleAddress);
await otaconRegistry.setSnippetCollectibleContract(snippetCollectibleAddress);
await otaconRegistry.setBountyPassCollectibleContract(bountyPassCollectibleAddress);
await otaconRegistry.setMultiplierCollectible(
  MultiplierTier.S,
  multiplierCollectibleAddress,
  ethers.utils.parseUnits('2', 18), // 2x multiplier
  0 // Collectible type ID
);

Step 2: Prepare Bounty Parameters

Define the bounty creation parameters:

const bountyParams = {
  targetContract: '0xTargetContractAddress',
  rewards: [
    ethers.utils.parseUnits('1000', 18), // Severity 0
    ethers.utils.parseUnits('2000', 18), // Severity 1
    ethers.utils.parseUnits('3000', 18), // Severity 2
    ethers.utils.parseUnits('4000', 18), // Severity 3
  ],
  rewardToken: '0xRewardTokenAddress', // ERC20 token used for rewards
  requireSnippet: true,
  targetNetwork: ethers.utils.formatBytes32String('Ethereum'),
  targetEnvironment: ethers.utils.formatBytes32String('Mainnet'),
  validators: [], // Initial validators, can be empty
};

Step 3: Pay Bounty Creation Fee

You can pay the fee using one of three options:

  1. Otacon Tokens

    • Approve Otacon tokens for transfer:

      const otaconToken = new ethers.Contract(otaconTokenAddress, erc20ABI, signer);
await otaconToken.approve(otaconRegistry.address, otaconFee);

    • Set useOtaconToken to true when calling startBounty.

  2. ETH

    • Send the required ETH amount with the transaction.

    • Set useETH to true.

  3. Bounty Pass Collectible

    • Ensure you own a Bounty Pass collectible.

    • Approve the Bounty Pass for transfer:

      const bountyPassCollectible = new ethers.Contract(bountyPassCollectibleAddress, erc1155ABI, signer);
await bountyPassCollectible.setApprovalForAll(otaconRegistry.address, true);

    • Provide the bountyPassTokenId when calling startBounty.

Step 4: Create the Bounty

const tx = await otaconRegistry.startBounty(bountyParams, useOtaconToken, useETH, bountyPassTokenId, {
  value: ethFee, // Include this if using ETH
});
await tx.wait();
console.log('Bounty created successfully!');

3. Becoming a Validator

Validators are responsible for reviewing and validating proofs submitted by bounty hunters.

Step 1: Request to Become a Validator

Contact the Bounty Program Manager or the Otacon Protocol Owner to be added as a validator for a specific bounty.

Step 2: Manager Adds Validator

const tx = await otaconRegistry.addValidator(bountyId, validatorAddress);
await tx.wait();
console.log(`Validator ${validatorAddress} added to bounty ${bountyId}.`);

4. Becoming a Bounty Hunter

Bounty hunters find vulnerabilities and submit proofs to earn rewards.

Staking a ProofCollectible

Step 1: Obtain a ProofCollectible

Acquire a ProofCollectible (ERC721 token) representing your discovered bug.

Step 2: Approve and Stake the ProofCollectible

const proofCollectible = new ethers.Contract(proofCollectibleAddress, erc721ABI, signer);
await proofCollectible.approve(otaconRegistry.address, proofCollectibleId);

const tx = await otaconRegistry.stakeProofCollectible(bountyId, proofCollectibleId);
await tx.wait();
console.log(`ProofCollectible ${proofCollectibleId} staked to bounty ${bountyId}.`);

Staking a SnippetCollectible

If the bounty requires a code snippet:

Step 1: Obtain a SnippetCollectible

Acquire a SnippetCollectible (ERC721 token) containing your code snippet.

Step 2: Approve and Stake the SnippetCollectible

const snippetCollectible = new ethers.Contract(snippetCollectibleAddress, erc721ABI, signer);
await snippetCollectible.approve(otaconRegistry.address, snippetCollectibleId);

const tx = await otaconRegistry.stakeSnippetCollectible(bountyId, snippetCollectibleId);
await tx.wait();
console.log(`SnippetCollectible ${snippetCollectibleId} staked to bounty ${bountyId}.`);

5. Validating Proofs and Distributing Rewards

Step 1: Validator Validates the Proof

const tx = await otaconRegistry.validateProof(bountyId, proofCollectibleId, severity);
await tx.wait();
console.log(`ProofCollectible ${proofCollectibleId} validated for bounty ${bountyId}.`);

  • Severity: An integer representing the severity level (0-3).

Step 2: Reward Distribution

Upon validation:

  • The bounty hunter receives their reward minus the protocol fee.

  • The protocol fee accumulates in the contract.

6. Claiming Bounty Shares

Participants who have staked multipliers can claim a share of the protocol bounty rewards.

Step 1: Stake a MultiplierCollectible

Step 1.1: Obtain MultiplierCollectible

Acquire a MultiplierCollectible (ERC1155 token) of a specific tier.

Step 1.2: Approve and Stake the MultiplierCollectible

const multiplierCollectible = new ethers.Contract(multiplierCollectibleAddress, erc1155ABI, signer);
await multiplierCollectible.setApprovalForAll(otaconRegistry.address, true);

const tx = await otaconRegistry.stakeMultiplierCollectible(bountyId, multiplierTier, amount);
await tx.wait();
console.log(`Staked ${amount} multiplier(s) of tier ${multiplierTier} to bounty ${bountyId}.`);

Step 2: Claim Your Share

const tx = await otaconRegistry.claimBountyShare(bountyId);
await tx.wait();
console.log(`Bounty share claimed for bounty ${bountyId}.`);

  • The contract calculates your share based on your staked multiplier.

  • MultiplierCollectibles are burned upon claiming.

7. Diagrams

Workflow Overview

Below is a simplified diagram of the Otacon workflow:

+----------------------+          +----------------------+          +----------------------+
|                      |          |                      |          |                      |
|  Bounty Program      |          |     Validators       |          |    Bounty Hunters    |
|      Manager         |          |                      |          |                      |
+----------+-----------+          +-----------+----------+          +-----------+----------+
           |                                  |                                 |
           |                                  |                                 |
           | 1. Create Bounty                 |                                 |
           +--------------------------------->|                                 |
           |                                  |                                 |
           |                                  | 2. Validate Proofs              |
           |                                  |<-------------------------------+
           |                                  |                                 |
           |                                  |                                 |
           |                                  |                                 |
           |                                  |                                 |
           |                                  |                                 |
+----------v-----------+          +-----------v----------+          +-----------v----------+
|                      |          |                      |          |                      |
|   Otacon Bounty      |          |    Smart Contracts   |          |   Collectibles       |
|      Registry        |          |                      |          |                      |
+----------------------+          +----------------------+          +----------------------+

Explanation:

  1. Bounty Creation: The Bounty Program Manager creates a bounty by interacting with the Otacon Bounty Registry.

  2. Proof Submission: Bounty Hunters find vulnerabilities and stake their ProofCollectibles to the bounty.

  3. Validation: Validators review the proofs and validate them.

  4. Rewards Distribution: Upon validation, rewards are distributed to the bounty hunters, and protocol fees are accumulated.

  5. Bounty Share Claim: Participants who have staked MultiplierCollectibles can claim a share of the protocol fees.

PreviousBug Bounty ManagementNextBug Bounty Simulations

Last updated 7 months ago