Otacon - Research & Development

Proof of Concept

In certain bounty programs, a valid Proof of Bug submission will require a Proof of Concept (PoC), a program that reproduces the bug documented by the Proof of Bug collectible.

This process begins with the extraction and analysis of the data encoded within the Proof of Bug, which includes comprehensive details about the bug such as its type, the affected code, its severity and potentially exploitable conditions.

The PoC code is then crafted by the prototyping component of Otacon, using the information derived from the collectible.

This code, or script, is designed to exploit the bug safely within a controlled environment, demonstrating the vulnerability’s potential impact without causing actual harm. The creation of the PoC is a critical step as it transforms theoretical vulnerability information into tangible, actionable insight, confirming the existence and severity of the vulnerability through practical demonstration.

Once the PoC code is developed, it is deployed in a dedicated test environment. This environment is isolated from production systems to prevent any real-world damage, and it simulates the conditions under which the vulnerability exists inside a secure sandbox. The execution of the PoC allows the Bounty Program owner to observe the vulnerability in action, providing clear evidence of how an attack could occur.


Last updated 1 year ago