Blockstack Bug & Tooling Bounties

How To Participate Bug Bounty

1. Help improve the security of Stacks 2.0. Those who disclose bugs and the techniques they used to exploit them are rewarded.

2. Submit a bug report

Critical bugs

Maximum $2,000 USD in BTC per bug

• Bugs that cause a chain split
• Bugs that cause state corruption
• Bugs that enable funds to be stolen
• Taking over the network or bringing it to a halt

Major bugs

Maximum $1,000 USD in BTC per bug

• Less severe performance or correctness bugs
• DDoS or stress-test attacks that slow the network down significantly
• Bugs that cause resource exhaustion
• When expected functionality does not work in obvious ways

Minor bugs

Maximum $100 USD in BTC per bug

• Bugs in non-critical software such as the CLI or user interfaces
   

How To Participate Tooling & Resource bounties

Active tool bounties

New templates for the Clarity Starter Kit

1. Look at popular ERC proposals for inspiration
2. Submit your template(s) as a PR to the Clarity JS SDK repo on Github

Rewards for building specific tools and resources on Proof of Transfer (PoX).
 

• $100 USD in Bitcoin per template
• For developers to learn and extend. Must include Clarity code and tests to be considered. The top 10 templates will be rewarded.
   

Linter for Clarity smart contracts

$1,000 USD in Bitcoin

Bonus points if you include a plug-in for an editor that formats code and highlights any errors. The top linter will be rewarded.
 

Do:

• Check for matching parentheses
• Find and fix whitespacing that doesn't conform to code style
• Support for configuring specific linting rules, with sane defaults
• Build in a language that compiles to Javascript
• Build something that is easily integrated in any editor
   

Don't:

• Check for type errors
• Validate variable and function names
• Build something that only works for one editor
   

Submit your linter as a PR to the Clarity JS SDK repo on Github

Upcoming tool bounties

Telemetry dashboard

$2,500 USD in Bitcoin

Shows where other miners are and how healthy the network is. Good examples are https://ethstats.net & https://telemetry.polkadot.io/. The top 3 dashboards will be rewarded.
 

Do:

• Build something that is real time
• Find and display information that is unique to Clarity and Proof of Transfer
• Be creative — think about different metrics or views to build in
   

Don't:

• Build a copy of the Blockstack Explorer
   

To submit your dashboard, add a link to it in a new issue in the Bounties repo on Github

Live Stacking calculator

$2,500 USD in Bitcoin

Submit all info and a link to the repo with your submission as a PR to the Bounties repo on Github.The top calculator will be rewarded.
 

Do:

• Be creative with the metrics you include above those listed in the bounty description
• Consider the two target audiences: current Stackers or people thinking about Stacking. What would make this most useful to both of those groups?
• Incorporate historical and live data
• Think about incorporating data from outside sources (exchanges, oracles, etc.)
   

To submit your Stacking calculator, add a link to it in a new issue in the Bounties repo on Github

Terms

Services in scope

Code in the following GitHub repositories: stacks-blockchain, docs.blockstack, cli-blockstack, ux, stacks-transactions-js, stacks-blockchain-sidecar, explorer, bounties, clarity js sdk.
 

Exclusions

While testing, you must refrain from:

• Denial-of-service attacks
• Spamming
• Social engineering (including phishing) of Blockstack employees or contractors
• Any physical attempts against Blockstack property or data centers
• Violating any law or disrupting or compromising any data that is not your own
   

Eligibility

• To receive a reward, you must be at least 14 years old. If you are under the age of majority in your jurisdiction, you may need parental or guardian permission to participate.
• To receive a reward, you may be required to complete and submit to us an IRS tax form (e.g., Form W-8 or W-9) containing personal information.
• Blockstack employees, contractors, and immediate family members are ineligible to receive a reward.
• We are unable to issue rewards to individuals who are on U.S. sanctions lists, or who are in countries (e.g., Cuba, Iran, North Korea, Sudan, and Syria) on U.S. sanctions lists.
• There may be additional restrictions on your ability to participate depending upon your local law.
   

Legal points

By submitting, you agree to these terms and conditions. We have sole discretion to decide whether a submission wins an award. We may modify these terms and conditions or terminate this program at any time in our sole discretion.

We expect to pay a winner their reward within approximately six weeks of determining the winner and receiving all necessary documentation for processing payment, including completed tax forms. You are responsible for any tax implications of receiving a reward depending on your country of residency and citizenship.

These terms shall be governed by and construed in accordance with the laws of the State of New York without reference to its conflicts of laws provisions.