
InstantSend double spend bounty

InstantSend has been the default for all Dash transactions for a few years now, but a lot of people outside of Dash haven't heard of InstantSend and know neither what it is nor how it works. I propose the following idea in order to change the situation: create an InstantSend double spend bounty.

The DIF (or another trusted entity within the Dash ecosystem) could set up a double spend bounty fund. People could donate to the fund and MNOs could vote on a proposal and allocate Dash for the fund potentially even on a regular basis. The size of the fund would grow over time generating an increased incentive to attack InstantSend. If someone claims the bounty, good for Dash. We can fix a critical bug. If the bounty isn't claimed within a predefined timeframe (e.g. 2 years) the DIF (or another entity) would have a huge bag for future investments.

This could be used to market InstantSend as well as simultaneously demonstrate its security. It would also incentivize attacks which would only strengthen the Dash network. Also, after the predefined timeframe the DIF (or another entity) would have more DASH to invest.

Why specifically an InstantSend double spend bounty?
  1. A double spend is a common term within the cryptosphere. Almost everyone knows what the potential ramifications of a successful double spend are.
  2. Attracting serious attacking skills needs serious money.
  3. Having something like a 1 million USD bounty would be great PR-wise as well as a huge opportunity to market InstantSend.
 
Having a separate bounty for IS double spend is stupid, the network already offers a 1 billion dollar bounty for this to be exploited and it has not because it is not possible or economic to exploit it, LOL.
 
This should help this issue: https://github.com/DashNetwork/dn-issues/issues/21

My comment on discord:
We need to carefully examine the probability not just at the protocol level but also at the system and code levels to ensure the implementation is accurate and is not vulnerable to indirect attacks (e.g., DoS). It is positive PR if no one can break it, but at the same time a big credibility hit if it actually happens.

@Darren asked for next DIF ideas recently.
 
> Having a separate bounty for IS double spend is stupid, the network already offers a 1 billion dollar bounty for this to be exploited and it has not because it is not possible or economic to exploit it, LOL.

Can you elaborate on 1B bounty? Are you talking about stealing money on the network or something else?
 
> Can you elaborate on 1B bounty? Are you talking about stealing money on the network or something else?

Yeah, obviously. The network is under attack 24/7, with people trying to scam any way they can. If there was a way to double spend DASH, I can assure you it would be done already.

The bounty ONLY makes sense on a testnet after new unverified code is released to it because there is no financial incentive to break testnet. Having a bounty on mainnet just makes no sense, go exploit it now on actual exchanges if you think you can.
 
Other projects are doing security bounties because it's an industry best practice. Take a look at, for example, Immunefi. Lots of 2.5 mil USD bounties there. Those bounties are far more attractive than the $50-$5k ones offered by DCG. The former will attract serious attacks, the latter won't attract much or any.
 
> Other projects are doing security bounties because it's an industry best practice. Take a look at, for example, Immunefi. Lots of 2.5 mil USD bounties there. Those bounties are far more attractive than the $50-$5k ones offered by DCG. The former will attract serious attacks, the latter won't attract much or any.

Bro, the only valid bounties are for things still on testnet, i.e. Evo, which doesn't even have a tokenised version of Dash implemented yet. As for mainnet, there is already a billion dollar bounty there with all our coins and exchanges confirming deposits in 1 conf. Do you think the hackers are waiting for a DCG bounty to exploit mainnet? If there was a way to do it, they would have done it already.

So, question is what feature of evo scares you the most and you think we should pay special attention to?
 
> As for mainnet, there is already a billion dollar bounty
There are far bigger bounties on Ethereum mainnet. Who's interested in attacking Dash?

> do you think the hackers are waiting for a DCG bounty to exploit mainnet
Hackers are a diverse group. There are white hats, grey hats, black hats, <insert_color_here> hats. I suspect that there are enough people who would be interested in pentesting Dash if there was a reasonably sized bounty.

> So, question is what feature of evo scares you the most and you think we should pay special attention to?
We can tackle that question when the first mainnet release of DP is in its final stage.
 