HyperSafeD/OrderDeck

VaultGuard

Decentralized bug bounty platform - A protocol-friendly, researcher-friendly, and judge-based vulnerability reporting system built on Celo.

VaultGuard is a decentralized bug bounty platform where protocols create vaults with custom payout tiers, security researchers submit vulnerabilities, and trusted judges verify submissions through multisig voting. Built with Solidity for the Web3 ecosystem.


✨ Features

Protocol-Friendly

  • ✅ Custom Payout Tiers - Set LOW/MEDIUM/HIGH/CRITICAL payout percentages
  • ✅ Choose Your Judges - Select trusted security firms, auditors, or community members
  • ✅ Multisig Voting - Configurable approval threshold for submissions
  • ✅ Flexible Funding - Deposit more funds anytime to your vault
  • ✅ Vault Management - Close vault and withdraw remaining funds anytime

Researcher-Friendly

  • ✅ IPFS Integration - Submit vulnerability reports via IPFS hash (privacy-first)
  • ✅ Automatic Payout Calculation - Based on severity and vault configuration
  • ✅ Low Platform Fee - Only 2.5% platform fee (vs 10-20% on centralized platforms)
  • ✅ Trustless - Can't be censored or denied unfairly
  • ✅ Transparent - All submissions and payouts visible on-chain

Judge System

  • ✅ Decentralized Verification - Multisig voting by trusted judges
  • ✅ One Rejection = Denied - Prevents bad reports from being approved
  • ✅ Threshold Approvals - Automatic payout when threshold is met
  • ✅ Transparent Voting - All votes recorded on-chain

Security Features

  • 🔒 Funds Locked - Funds locked in contract until approved
  • 🔒 Protocol Control - Protocol can close vault and withdraw remaining funds
  • 🔒 Transparent History - All submissions visible on-chain
  • 🔒 No Censorship - Decentralized platform can't arbitrarily deny claims

📋 Contract Overview

Severity Levels

  • LOW - Minor issues (typically 1-10% of vault)
  • MEDIUM - Moderate issues (typically 5-25% of vault)
  • HIGH - Critical issues (typically 20-50% of vault)
  • CRITICAL - Severe vulnerabilities (typically 50-100% of vault)

Key Functions

Vault Management

  • createVault(judges, requiredApprovals, payouts) - Create a new bug bounty vault
  • depositFunds(vaultId) - Add more funds to an existing vault
  • closeVault(vaultId) - Close vault and withdraw remaining funds

Submissions

  • submitVulnerability(vaultId, reportHash, severity) - Submit a vulnerability report
  • voteOnSubmission(submissionId, approved) - Judge votes on a submission
  • claimPayout(submissionId) - Claim payout for approved submission

View Functions

  • getVaultJudges(vaultId) - Get list of judges for a vault
  • getVaultSubmissions(vaultId) - Get all submissions for a vault
  • getSubmissionDetails(submissionId) - Get detailed submission information
  • getPayoutPercentage(vaultId, severity) - Get payout percentage for severity level

🚀 Getting Started

Prerequisites

  • Node.js (v16 or higher)
  • npm or yarn
  • Hardhat
  • CELO tokens for gas fees (for deployment)

Installation

  1. Clone the repository:
     git clone https://github.com/Gbangbolaoluwagbemiga/GuidlVault.git
     cd GuidlVault
  2. Install dependencies:
     npm install
  3. Create a .env file in the root directory:
     PRIVATE_KEY=your_private_key_here
     CELOSCAN_API_KEY=your_celoscan_api_key_here
     CELO_RPC_URL=https://forno.celo.org

Compile

npm run compile

Test

npm run test

Deploy

Celo Mainnet

npm run deploy:celo:mainnet

Celo Alfajores (Testnet)

npm run deploy:celo:alfajores

📖 Usage Examples

Creating a Vault

// Example (JavaScript, ethers v6): create a vault with 3 judges, requiring 2 approvals
const judges = [judge1, judge2, judge3]; // judge addresses
const requiredApprovals = 2;
const payouts = [
    100,   // 1% for LOW (values are basis points)
    500,   // 5% for MEDIUM
    2000,  // 20% for HIGH
    5000   // 50% for CRITICAL
];

await vaultGuard.createVault(judges, requiredApprovals, payouts, {
    value: ethers.parseEther("10") // 10 CELO initial deposit
});

Submitting a Vulnerability

// Submit with IPFS hash of encrypted report
vaultGuard.submitVulnerability(
    vaultId,
    "QmYourIPFSHashHere",
    Severity.HIGH
);

Voting on Submission

// Judge approves submission
vaultGuard.voteOnSubmission(submissionId, true);

// Judge rejects submission (immediate rejection)
vaultGuard.voteOnSubmission(submissionId, false);

Claiming Payout

// Researcher claims approved payout
vaultGuard.claimPayout(submissionId);
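
The vault creation, voting and payout rules described in this README, modelled off-chain as an added example (not code from VaultGuard.sol or this repository). The duplicate-vote check, the tier-ordering check and deducting the 2.5% fee from the payout are assumptions, and `validateVaultConfig`, `tally` and `payoutFor` are hypothetical names.

```javascript
// Added example: off-chain model of the rules this README describes.
// Not VaultGuard.sol; names and the checks marked "assumption" are illustrative.
const BPS = 10000n;            // payouts are basis points (100 = 1%)
const PLATFORM_FEE_BPS = 250n; // 2.5% platform fee stated in the README

// Sanity checks a protocol would want to run before calling createVault.
function validateVaultConfig(judges, requiredApprovals, payouts) {
  const errors = [];
  if (new Set(judges.map((j) => j.toLowerCase())).size !== judges.length)
    errors.push("duplicate judge address");
  // A threshold above the judge count could never be met.
  if (requiredApprovals < 1 || requiredApprovals > judges.length)
    errors.push("requiredApprovals must be between 1 and judges.length");
  if (payouts.length !== 4) errors.push("need 4 payout tiers");
  payouts.forEach((p, i) => {
    if (p < 0 || p > 10000) errors.push(`tier ${i} outside 0..10000 bps`);
    // Assumption: a higher severity should never pay less than a lower one.
    if (i > 0 && p < payouts[i - 1])
      errors.push(`tier ${i} pays less than tier ${i - 1}`);
  });
  return errors;
}

// Vote state machine: one rejection denies, threshold approvals approve.
function tally(judges, requiredApprovals, votes) {
  const seen = new Set();
  let approvals = 0;
  for (const { judge, approved } of votes) {
    if (!judges.includes(judge)) throw new Error(`not a judge: ${judge}`);
    if (seen.has(judge)) throw new Error(`double vote: ${judge}`); // assumption
    seen.add(judge);
    if (!approved) return "REJECTED";
    if (++approvals >= requiredApprovals) return "APPROVED";
  }
  return "PENDING";
}

// Tier payout in wei, using BigInt so no precision is lost.
// Assumption: the platform fee is taken out of the researcher's payout.
function payoutFor(vaultBalanceWei, tierBps) {
  const gross = (vaultBalanceWei * BigInt(tierBps)) / BPS;
  const fee = (gross * PLATFORM_FEE_BPS) / BPS;
  return { gross, fee, net: gross - fee };
}
```

Because a single rejection denies a submission, every judge holds a veto, so the choice of judges matters as much as the approval threshold.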

🌐 Deployment

Deployed Contract

Celo Mainnet:

Base Mainnet:

Network Information

| Network | Chain ID | Explorer | RPC URL |
|---|---|---|---|
| Celo Mainnet | 42220 | CeloScan | https://forno.celo.org |
| Celo Alfajores | 44787 | CeloScan Alfajores | https://alfajores-forno.celo-testnet.org |
| Base Mainnet | 8453 | BaseScan | https://mainnet.base.org |
| Base Sepolia | 84532 | BaseScan Sepolia | https://sepolia.base.org |

πŸ” Security Considerations

  • ⚠️ Never commit your .env file or private keys
  • ✅ All withdrawals require multisig approval
  • ✅ One judge rejection = immediate denial
  • ✅ Funds locked until approval
  • ✅ Protocol can close vault anytime
  • ✅ Transparent on-chain history

Project Structure

GuidlVault/
├── contracts/
│   ├── VaultGuard.sol       # Main bug bounty contract
│   └── MockERC20.sol        # Mock token for testing
├── scripts/
│   └── deploy.js            # Deployment script
├── test/
│   └── VaultGuard.test.js   # Test suite
├── hardhat.config.js        # Hardhat configuration
├── package.json
└── README.md

🎯 Hackathon Pitch Points

  • Real Problem: HackerOne/Immunefi take huge cuts (10-20%) and can arbitrarily deny claims
  • Composable: Other protocols can query past submissions for researcher reputation
  • Transparent: All payouts/rejections visible on-chain
  • Demo-able: Easy to show vault creation → submission → voting → payout flow
  • Low Fees: Only 2.5% platform fee vs 10-20% on centralized platforms

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/AmazingFeature)
  3. Commit your changes (git commit -m 'Add some AmazingFeature')
  4. Push to the branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.


πŸ™ Acknowledgments

  • Celo - For the carbon-negative blockchain
  • OpenZeppelin - For secure, audited smart contract patterns
  • Hardhat - For the amazing development environment

💡 Future Enhancements

  • 📊 Analytics and reporting dashboard
  • 🔄 Recurring vault funding
  • 👥 Multi-vault management interface
  • 🏷️ Tagging and categorization
  • 📧 Event notifications
  • Integration with governance tokens
  • ⚡ Gasless transactions (meta-transactions)
  • 📱 Mobile app integration
  • 🌍 Multi-language support

Built with ❤️ for the Web3 security ecosystem

Decentralized, transparent, and fair bug bounty platform.
