graph TD
A[Initial Contact] --> B{Response?}
B -->|Yes| C[Begin Negotiation]
B -->|No| D[Extended Contact - 48h Window]
D --> E{Response?}
E -->|Yes| C
Korok 0xKorok
0xKorok
/ TrustlessDisclosure.sol
Last active
November 19, 2024 08:07
Trustless Disclosure is a public good: an on-chain agreement designed to protect bounty hunters. It can be used independently of the TrustlessDAO system, free of charge, via direct deployment.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity 0.8.28; | |
| interface IERC20 { | |
| function transfer(address to, uint256 value) external returns (bool); | |
| function transferFrom(address from, address to, uint256 value) external returns (bool); | |
| function balanceOf(address account) external view returns (uint256); | |
| } | |
| interface IDisclosureFactory { |
0xKorok
/ IndependentDisclosure.sol
Last active
November 26, 2024 02:08
Independent Disclosure is a public good: A decentralized, fair, and transparent peer-to-peer vulnerability disclosure process for responsible collaboration between security researchers and protocols.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity 0.8.28; | |
| /** | |
| * @title IndependentDisclosure | |
| * @notice Manages independent vulnerability disclosure negotiations between researchers and protocols | |
| * @dev Implements a two-phase acceptance process: initial terms for disclosure access, | |
| * followed by negotiation and final terms acceptance | |
| * @dev All terms (severity, payment, etc) are handled off-chain through private GitHub repository | |
| */ |
0xKorok
/ GradualDisclosureProcess.md
Created
November 23, 2024 04:09
Gradual Disclosure Process (GDP) - a structured ethical approach to vulnerability disclosure.
0xKorok
/ researcher-guide.md
Last active
December 2, 2024 07:27
Guide for security researchers using IndependentDisclosure - a peer-to-peer framework for responsible vulnerability disclosure
IndependentDisclosure is a simple smart contract designed to be combined with carefully structured off-chain processes to enable effective and fair peer-to-peer vulnerability disclosure.
This guide outlines the process from the researcher's perspective. For the protocol's perspective, check here.
0xKorok
/ protocol-guide.md
Last active
December 2, 2024 07:35
Guide for protocols participating in IndependentDisclosure - a framework for receiving and assessing security vulnerability disclosures
IndependentDisclosure is a peer-to-peer vulnerability disclosure framework that combines smart contracts with carefully structured off-chain processes to enable fair and transparent security disclosures.
This guide outlines the process from the protocol's perspective, explaining what to expect and how to participate. A guide from the researcher's perspective can be found here.