The Ethereum ecosystem is a growing world where ideas and projects are sometimes bigger than the security measures created when those ideas are brought to life. However, when it comes to these new technologies holding large sums of money, this can cause an uproar when those fragile security measures are breached. Just like with the case of the DAO downfall, if the smart contract of the DAO was tested before money was put into the project, there could have been a different outcome. The flaw in the contract would have been discovered and millions of dollars may not have been lost. Security measures should never be overlooked when writing great contracts or code. This is why this new bug bounty program was created.
A new Ethereum-based automated bug bounty framework for Ethereum smart contracts, “Put Your Money Where Your Contract Is” created by Ron Meron, is a proposed mechanism that allows high-stake contract authors to create a trustless, Ethereum-based bug bounty to be used in the period after the high-stake contract is published, but before the contract is put into action.
“Our contribution is to propose a general-purpose, reusable "Put Your Money Where Your Contract Is" Bounty manager contract that allows high stake contract creators to set up bounty programs with minimal overhead, and provides higher confidence for challengers that they will receive the award if they are successful.”
If contract authors created more due diligence by utilizing bug bounty programs, smart contracts would be more secure and less exploitable. Enacting a bug bounty program into existing smart contracts doesn’t diminish the quality of the idea or code, but helps build a stronger ecosystem altogether.
To learn more about this bounty program, head to the “Put Your Money Where Your Contract Is” Github.