0%

WEFUZZ, a fully decentralized, crowdsourced security audit and bug bounty solution

Feb 22, 2022 5 min read
News Article Banner Image

By WEFUZZ, Coinbase Crypto Community Fund grant recipient

Introduction

WEFUZZ implements a fully decentralized, crowdsourced security audit and bug bounty solution: a set of smart contracts that allow developers and companies to get their smart contracts, blockchains, websites, etc., audited by the auditors and hackers community. With this work, WEFUZZ aims to become the *Hacker DAO*.

What is Crowdsourcing?

Crowdsourcing is a sourcing model in which individuals or organizations obtain goods or services — including ideas, voting, micro-tasks etc., from a large, relatively open, and rapidly evolving group of participants. Companies like Uber, Gitcoin and GoJek already use this model. Crowdsourcing model offers improved costs, speed, quality, flexibility, scalability, and diversity.

The Need for a decentralized crowdsourced platform?

The traditional crowdsourcing system consists mainly of three roles: requesters, workers (auditors in our case), and a centralized system. Requesters submit tasks to be completed through the crowdsourcing system. A set of auditors complete this task and submit solutions to the crowdsourcing system. Requesters will then select a proper solution (usually the first or the best one that solves the task) and reward the corresponding worker

This makes centralized systems vulnerable. User’s sensitive information (e.g. name, email address etc.,) and vulnerability reports are saved in the database of these centralized systems, which has the inherent risk of privacy disclosure and data loss. Centralized choke points are not only attack vectors for leaks and hacks, but also for outages.

Crowdsourcing companies are keen on maximizing their benefits and require requesters paying for services, which in turn increase user’s costs. Most crowdsourcing systems demand a 10–25% service fee.

All these issues add up to the already existing concerns of smart contract and multi-chains owners and developers (the audit requesters), freelance auditors’ and ethical hackers’ concerns. Some of these concerns are:

  • Ensuring their assets are safe from cyber theft, data hacks or any other risk that can result in a loss of funds and compromised data

  • Being able to get audits done in a cost-effective way — be it private or public security audits

  • Making sure the smart contracts are audited by multiple auditors

  • Hackers do not want to share sensitive personal data

  • Hackers and auditors and developers need complete transparency

WEFUZZ: Fully decentralized, crowdsourced audit and bug bounty platform

WEFUZZ is a fully decentralized, crowdsourced audit and bug bounty platform aiming to be the Hacker DAO. WEFUZZ aims to provide reliability, fairness, security and low service fees by design.

The decentralized platform has many advantages such as higher user security, service availability, and lower costs. Smart contracts running on a chosen blockchain are used to perform the whole process of crowdsourcing tasks which contains posting audit and bounty campaigns, submitting audit and bug reports, bounty assignment, etc.

WEFUZZ solution offers numerous added benefits to users:

  • Data Security: Reports are encrypted with auditors’ and target developers’ public key, so that the bug reports only gets read by who it is intended for. Files are encrypted and stored on the decentralized network storage. No more data breaches, hacks, password leaks or any other risk affecting existing cloud based audit and bug bounty platforms.

  • Cost Effectiveness: Allowing smart contract developers, multi-chain developers, and companies to get audits performed in a cost-effective way directly by the auditors and hacker crowd on the WEFUZZ platform. This helps the developers and companies avoid huge fees and congestion issues affecting the traditional bug bounty platforms.

  • Flexible anonymity: Auditors and hackers can choose to remain anonymous while submitting reports, protecting their privacy, and still getting paid.

  • Communication Security: No centralized data storage, complete anonymity, no data transfers, no moderators and complete end-to-end encryption. All the data resides encrypted on the Solana blockchain and all the files reside on the IPFS blockchain.

Persona

Audit Requestors: Developers, companies or any individual can request audits or start a private/public bug bounty campaign.

Auditors: Auditors can be anyone from ethical hackers to audit firms who can perform the requested audits or participate in bug bounty campaigns.

Judges: Judges are community members who are either elected by the community or have been raised to the Judge category through reputation.

Roadmap and progress

Currently, we are working on the conceptualization, technical architecture, and system design of WEFUZZ, besides building our MVP on Solana and Polygon blockchains, and testing the optimal chain for our project.

Please join our Discord and follow us on our Twitter and Medium to keep track of the progress. We are going to release the code and other tools we build as part of the research and development in this Github account.

Coinbase is officially seeking applications for our 2022 developer grants focused on blockchain developers who contribute directly to a blockchain codebase, or researchers producing white papers. Learn more about the call for applications here.

was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Related News By:

Latest Crypto News

Popular news

How to Set Up and Use Trust Wallet for Binance Smart Chain
#Bitcoin#Bitcoins#Config+2 more tags

How to Set Up and Use Trust Wallet for Binance Smart Chain

Your Essential Guide To Binance Leveraged Tokens

Your Essential Guide To Binance Leveraged Tokens

How to Sell Your Bitcoin Into Cash on Binance (2021 Update)
#Subscriptions

How to Sell Your Bitcoin Into Cash on Binance (2021 Update)

What is Grid Trading? (A Crypto-Futures Guide)

What is Grid Trading? (A Crypto-Futures Guide)

Start trading with Cryptohopper for free!

Free to use - no credit card required

Let's get started
Cryptohopper appCryptohopper app
Download the app from the Apple App StoreDownload the app from the Google Store
Follow us on social media
EN
EN
NL
NL
CZ
CZ
DE
DE
ES
ES
FR
FR
ID
ID
JP
JP
KR
KO
PL
PL
PT-BR
BR
RU
RU
TR
TR
ZH-CN
ZH

Disclaimer: Cryptohopper is not a regulated entity. Cryptocurrency bot trading involves substantial risks, and past performance is not indicative of future results. The profits shown in product screenshots are for illustrative purposes and may be exaggerated. Only engage in bot trading if you possess sufficient knowledge or seek guidance from a qualified financial advisor. Under no circumstances shall Cryptohopper accept any liability to any person or entity for (a) any loss or damage, in whole or in part, caused by, arising out of, or in connection with transactions involving our software or (b) any direct, indirect, special, consequential, or incidental damages. Please note that the content available on the Cryptohopper social trading platform is generated by members of the Cryptohopper community and does not constitute advice or recommendations from Cryptohopper or on its behalf. Profits shown on the Markteplace are not indicative of future results. By using Cryptohopper's services, you acknowledge and accept the inherent risks involved in cryptocurrency trading and agree to hold Cryptohopper harmless from any liabilities or losses incurred. It is essential to review and understand our Terms of Service and Risk Disclosure Policy before using our software or engaging in any trading activities. Please consult legal and financial professionals for personalized advice based on your specific circumstances.

©2017 - 2025 Copyright by Cryptohopper™ - All rights reserved.