Korok 0xKorok
@0xKorok
0xKorok / protocol-guide.md
Last active December 2, 2024 07:35
Guide for protocols participating in IndependentDisclosure - a framework for receiving and assessing security vulnerability disclosures

IndependentDisclosure (Protocol Guide)

IndependentDisclosure is a peer-to-peer vulnerability disclosure framework that combines smart contracts with carefully structured off-chain processes to enable fair and transparent security disclosures.

This guide outlines the process from the protocol's perspective, explaining what to expect and how to participate. A guide from the researcher's perspective can be found here.


@0xKorok
0xKorok / researcher-guide.md
Last active December 2, 2024 07:27
Guide for security researchers using IndependentDisclosure - a peer-to-peer framework for responsible vulnerability disclosure

IndependentDisclosure (Researcher Guide)

IndependentDisclosure is a simple smart contract designed to be combined with carefully structured off-chain processes to enable effective and fair peer-to-peer vulnerability disclosure.

This guide outlines the process from the researcher's perspective. For the protocol's perspective, check here.


@0xKorok
0xKorok / GradualDisclosureProcess.md
Created November 23, 2024 04:09
Gradual Disclosure Process (GDP) - a structured ethical approach to vulnerability disclosure.

Gradual Disclosure Process Flow

graph TD
    A[Initial Contact] --> B{Response?}
    B -->|Yes| C[Begin Negotiation]
    B -->|No| D[Extended Contact - 48h Window]
    D --> E{Response?}
    E -->|Yes| C
@0xKorok
0xKorok / IndependentDisclosure.sol
Last active November 26, 2024 02:08
Independent Disclosure is a public good: A decentralized, fair, and transparent peer-to-peer vulnerability disclosure process for responsible collaboration between security researchers and protocols.
// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;
/**
* @title IndependentDisclosure
* @notice Manages independent vulnerability disclosure negotiations between researchers and protocols
* @dev Implements a two-phase acceptance process: initial terms for disclosure access,
* followed by negotiation and final terms acceptance
* @dev All terms (severity, payment, etc) are handled off-chain through private GitHub repository
*/
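The NatSpec above describes a two-phase acceptance: the protocol first accepts initial terms to gain access to the disclosure, then both sides accept negotiated final terms, with the terms themselves kept off-chain. The following contract is an added illustration of that pattern written for this page; it is not the IndependentDisclosure contract and every name in it (TwoPhaseDisclosureExample, Phase, proposeInitialTerms, acceptInitialTerms, proposeFinalTerms, acceptFinalTerms) is an assumption. Only keccak256 hashes of the off-chain terms documents go on-chain, and an acceptor must echo the exact hash so neither side can be bound to a document it never saw.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;

/// @notice Hypothetical two-phase acceptance state machine (illustration only,
///         not the IndependentDisclosure contract). Names and layout are assumptions.
contract TwoPhaseDisclosureExample {
    enum Phase { None, InitialProposed, DisclosureOpen, FinalProposed, Settled }

    struct Disclosure {
        address researcher;
        address protocol;
        bytes32 initialTermsHash; // keccak256 of the off-chain initial terms document
        bytes32 finalTermsHash;   // keccak256 of the off-chain final terms document
        address finalProposer;    // party that proposed final terms; may not self-accept
        Phase phase;
    }

    uint256 public nextId;
    mapping(uint256 => Disclosure) public disclosures;

    event InitialTermsProposed(uint256 indexed id, address indexed researcher, address indexed protocol, bytes32 termsHash);
    event InitialTermsAccepted(uint256 indexed id);
    event FinalTermsProposed(uint256 indexed id, address indexed proposer, bytes32 termsHash);
    event FinalTermsAccepted(uint256 indexed id);

    error WrongPhase(Phase expected, Phase actual);
    error NotParty();
    error TermsMismatch();

    // Unknown ids sit in Phase.None, so every transition below rejects them.
    modifier inPhase(uint256 id, Phase expected) {
        Phase actual = disclosures[id].phase;
        if (actual != expected) revert WrongPhase(expected, actual);
        _;
    }

    // Phase 1a: researcher commits to the initial terms by hash; contents stay off-chain.
    function proposeInitialTerms(address protocol, bytes32 termsHash) external returns (uint256 id) {
        require(protocol != address(0) && protocol != msg.sender, "bad protocol");
        id = nextId++;
        disclosures[id] = Disclosure(msg.sender, protocol, termsHash, bytes32(0), address(0), Phase.InitialProposed);
        emit InitialTermsProposed(id, msg.sender, protocol, termsHash);
    }

    // Phase 1b: only the named protocol may accept, and only by echoing the committed hash.
    // Once in DisclosureOpen the researcher shares the private report off-chain.
    function acceptInitialTerms(uint256 id, bytes32 termsHash) external inPhase(id, Phase.InitialProposed) {
        Disclosure storage d = disclosures[id];
        if (msg.sender != d.protocol) revert NotParty();
        if (termsHash != d.initialTermsHash) revert TermsMismatch();
        d.phase = Phase.DisclosureOpen;
        emit InitialTermsAccepted(id);
    }

    // Phase 2a: after off-chain negotiation either party proposes final terms by hash.
    function proposeFinalTerms(uint256 id, bytes32 termsHash) external inPhase(id, Phase.DisclosureOpen) {
        Disclosure storage d = disclosures[id];
        if (msg.sender != d.researcher && msg.sender != d.protocol) revert NotParty();
        d.finalTermsHash = termsHash;
        d.finalProposer = msg.sender;
        d.phase = Phase.FinalProposed;
        emit FinalTermsProposed(id, msg.sender, termsHash);
    }

    // Phase 2b: the counterparty (never the proposer) accepts by echoing the same hash.
    function acceptFinalTerms(uint256 id, bytes32 termsHash) external inPhase(id, Phase.FinalProposed) {
        Disclosure storage d = disclosures[id];
        if (msg.sender != d.researcher && msg.sender != d.protocol) revert NotParty();
        if (msg.sender == d.finalProposer) revert NotParty();
        if (termsHash != d.finalTermsHash) revert TermsMismatch();
        d.phase = Phase.Settled;
        emit FinalTermsAccepted(id);
    }
}
```

The phase modifier makes every transition a strict state check, so an out-of-order call (accepting final terms before initial terms, or re-accepting a settled disclosure) reverts with the expected and actual phase rather than silently succeeding.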
@0xKorok
0xKorok / TrustlessDisclosure.sol
Last active November 19, 2024 08:07
Trustless Disclosure is a public good: an on-chain agreement designed to protect bounty hunters. It can be used independently of the TrustlessDAO system, free of charge, via direct deployment.
// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;
interface IERC20 {
    function transfer(address to, uint256 value) external returns (bool);
    function transferFrom(address from, address to, uint256 value) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}
interface IDisclosureFactory {