TrustlessDAO (@thetrustlessdao)'s Twitter Profile
TrustlessDAO

@thetrustlessdao

Enhancing protections for bug bounty disclosures

ID: 1851900619352870914

Website: http://thetrustlessdao.com
Joined: 31-10-2024 08:17:57

18 Tweets

142 Followers

1 Following

Korok (@0xkorok):

TrustlessDAO solves this. Our mechanisms empower bounty hunters to hunt without such limitations. Our TrustlessDisclosure systems will effectively put all deployed assets in scope on day 1. OOS debates will be a thing of the past. Anything less is creating an uneven playing

Korok (@0xkorok):

Truly a sustained assault on the idea—love to see it! Great questions, ser guhu! It wasn’t possible to include this level of detail in my general overview, but I’ll dive into it now.👇

Korok (@0xkorok):

🧵 1/5 I initially considered a traditional escrow/collateral approach for the TrustlessDisclosure contract but deliberately chose a pure reputation approach. Here's why: 👇

Korok (@0xkorok):

We received a report that our disclosure technically allows a researcher to front-run a protocol's acceptFinalTerms() call to modify severity/reward. Here's why this isn't a concern and what it teaches us about Web3 agreements 👇

Korok (@0xkorok):

Shout-out to Antonio Viggiano—he didn’t mince words when giving his feedback to “use SafeERC20” in TrustlessDAO’s IndependentDisclosure. This was simply too much for me. It led me to remove all payment and token handling from the contract since it seemed to distract everyone who

Korok (@0xkorok):

Introducing Gradual Disclosure Process (GDP) - a structured ethical approach to vulnerability disclosure. The goal is to establish communication with the protocol while exposing as little as possible. Protocols are incentivized to establish contact in order to privately receive

TrustlessDAO (@thetrustlessdao):

The mighty Martin Marchev has answered the call! 🛡️ He’s done his part—now it’s your turn, anon. Think you can find a flaw in our mechanisms? Onward to glory! ⚔️

Korok (@0xkorok):

Inspired by WhiteHatMage's post, I might start calling disclosures made outside traditional BBPs “wilderness bounties.” After all, “hunter” has always sounded cooler than “security researcher,” and there’s something epic about the idea of hunting in the wilderness. Not everyone

Korok (@0xkorok):

I battled Josselin Feist in the DMs for HOURS yesterday on the topic of ethical disclosures. ⚔️ A great conversation that has honed my arguments. He suggested the TrustlessDAO process might resemble extortion or blackmail. I strongly disagree. My counterpoint: it’s not illegal