Alternatives to Bountysource

[ghost]

Alternatives

Quite similar

• https://algora.io

Different

• https://lemmy.ml/c/bugbounties
• https://replit.com/bounties

https://alternativeto.net/software/bountysource/

---

Now with bountysource gone

• 1586

• 1593

how do we file/find bounties?

Simplest bounty label

The bounty-issuer just labels an issue with bounty, adds a value to the title (like [$500]), and pays out the bounty uppon completition. No escrow, but in the end, one can never be sure if the bounty is payed out in the end, even with escrow.

If the projects stick to the bounty github label, one can search for bounties across projects

Different Bounty Systems

• gitcoin => has stopped taking bounties
  • not a loss, was dysfunctional and issuer-centric

Create one

• 1596

[nyaaowo]

I can try to implement the new bounty system you mentioned since I wrote something similar before.

The most feasible blockchain for it is Arbitrum One, an Ethereum L2 rollup. The gas fee for donation is around $0.08. It will accept ETH and USD stablecoins donation.

The first bounty poster needs to go to the dapp website to create the bounty on blockchain after posting the issue on github. Anyone can donate and the donation will be locked for a certain period (maybe 14 days). After locking period, the donations can be refunded at any time. The project maintainer chooses which the accounts to receive the fund. A bot will keep the total donations updated on github and releases the fund to the recipient when the issue is resolved.

So who do you need to trust here: 1) the project maintainer to select the right recipients. 2) the contract owner that fetches data from github to release the fund to the chosen account.

[quickwritereader]

I do not have any experience in blockchain based things. the suggested system should meet at least these technical requirements.

• fully open source
• secure code
• trusted execution
• automatic or semi-automatic anti scam, anti fraud protection if possible
• consensus among backers (majority 75% or full vote) and issue owner(in this case github close) and bounty system moderators on final transaction
• reasonable fee for bounty system moderators
• other security measures

[makeasnek]

There is a real need for a Bounty Source replacement, anybody who builds one can make some significant money doing so imo. I made a lemmy community for posting and sharing bug bounties int the meantime https://lemmy.ml/c/bugbounties

Crypto of some kind as a settlement layer will almost certainly make posting and paying out bounties easier, the complexity comes with trying to use multiple different cryptos at once or providing people with a fiat on-ramp.

[ConcurrentCrab]

I think it is also worth considering a non-cryptocurrency platform, especially given the recent decline in public trust in cryptocurrencies (for pretty good reasons). Traditional payment platforms certainly have some hassle and overhead, but you are going to avoid a lot of other hassles, like its volatility and local regulations that are still in infancy.

Also worth mentioning is that those traditional platforms are the only ones that implement any useful form of checks and protections for the customer against everyday malicious vendors, like bountysource was in this case (speaking as someone who has a bounty pending on the site, but the bounty poster was nice enough to attempt a chargeback, which was processed very quickly by paypal, and send the amount directly to me). While cryptocurrency platforms are busy overengineering solutions to far less realistic scenarios like the 51% attack.

[quickwritereader]

definitely, having a regulated platform is better. but in Bountysource's case, they violated escrowed funds and stole the money that should have been paid to us. And still, they keep ignoring it. in my case, it is the IBM fund that got stolen. So that is the reason behind the new attempt where funds could be in a more reliable place. So here was suggested some smart crypto contract-based solution. But one needs to check the codes to diminish its possible flaws. So crypto side has also its issues, especially since it lost the trust it had before because of scammers and security holes in the system.

[ghost]

see

• https://github.com/bountysource/core/issues/1596

[makeasnek]

re: many crypto project being scams or rugpulls: don't use those coins then, simple as that. Bitcoin has faithfully been relaying transactions and millions of dollars of value a day for people for 15 years without a single hack or day of downtime. Please don't paint long-term reliable cryptocurrency payment methods with the same brush as bananacoin or whatever the latest obvious get rich quick scheme is doing. As soon as you start running an site for international escrow of funds, I think you will find out very quickly the major hassles associated with traditional payment systems. With crypto, you can send money anywhere in the world within seconds to minutes with no holds, chargebacks, no waiting for long settlement times, or other nonsense. It's basically designed for exactly this scenario.

Your developer who claims the bounty only needs to fulfill the bounty and have access to an internet-connected device to receive the funds. And anybody with an internet-connected device can donate to the bounty. There are whole countries with no reliable banking infrastructure but ubiquitous cell phone access. People in these countries tend to work for less (get your bounties done for less) and see online marketplaces as major opportunity to lift them and their country out of poverty. The more people involved in the international economy, the richer we all are.

Especially when dealing with people in fraud-prone countries, the last thing you want to do is involve paypal or bank transfers. Why? Because they can make money exist in two places at once, they are absolutely ripe for fraud. Would you sell a $800 iPhone to somebody on eBay who live in.. let's say Nigeria? Of course not, because you know they're going to tell PayPal the item "never arrived" or "didn't work" and get your iPhone for free while you are out the $800 you paid for the phone. However if they buyer sent you Bitcoin, congratulations, the funds are yours and they cannot do anything to claw them back from you. Obviously that's a different situation from BountySource's niche, I'm just saying that traditional finance is rife with ways to scam people as anybody who has run a business using them can tell you. Paypal only partially protected people's funds in this BountySource case, and only after the evidence had turned into a mountain. It rewarded BountySource with untold amounts of funds that they stole from people. In BountySource's cases, the likely scam route is for people donating to bounties to pull their funds after the payout by filing fraudulent claims with PayPal's claims division, leaving BountySource in the red. Every online seller will tell you that PayPal sides with the buyer 99% of the time even when the evidence is clearly in the other direction and that you will need to spend hours of time fighting paypal on each of these cases. And even then, even if the evidence is clearly on your side, there is no guarantee you will be successful. This kind of fraud is rampant.

A smart contract based system, on the other hand, where donors to a bounty had to vote on whether or not to pay out the bounty, cannot have this happen to it. The funds simply cannot be taken without the consent of the users whose funds they are. Simple as that. I don't think smart contracts are the answer here, simply because they can only work on one chain at a time, and in theory you would probably want to accept donations in multiple cryptocurrencies. But they could be, community funding initiatives like DAOs and community grant systems have been using this functionality for years. The benefit of this approach is that you don't have to place trust in an intermediary like BountySource. One could, in theory, have a smart contract for each smart-contract supporting currency you accepted as donations to bounties.

However if are to replicate BountySource's functionality, the trust is placed in BountySource or whomever the escrow provider is. So people can just donate straight crypto or their own national currency if BountySource happens to have a reliable bank link to that country. While crypto may, from a technical perspective, be a much more usable system for international value transfer, most people are going to want to donate and get paid in their national currency, so any replacement for BountySource will likely want this feature as well.

[quickwritereader]

canwork.io Canya was the previous owner of Bountysource before selling it to The Tbg who is another blockchain thing. they both did not attempt to convert Bountysource into it.

[makeasnek]

Also, BountySource's code is on this repo, does anybody know how complete this code is? Could somebody theoretically just take it and run a BountySource clone with it?

[quickwritereader]

Its based on ruby and rails. I never checked it as I dont know ruby. But it should be complete enough. Just throughout the history they attempted to change its look and feel. It was mostly done by Canya workers

[ghost]

Could somebody theoretically just take it and run a BountySource clone with it?

Yes, fork it, disable redundant stuff like badges etc., and launch. Needs one month full-time attention, then possibly 10h / week.

[makeasnek]

Just came across this site algora.io may be of interest to people. I can't vouch for it and haven't used it personally, but it looks to try to solve much of the niche bountysource did.

[ghost]

Just came across this site algora.io

Looks good, if we exclude the higher fees for the bounty-issuers.

[wiki-me]

Yes, fork it, disable redundant stuff like badges etc., and launch. Needs one month full-time attention, then possibly 10h / week.

I think rysolv is better (it can show the top bounties for a project and the platform), but it probably needs some work due to this and this issues.

[BitcoinBrief]

Resolvr is a decentralized bounty board that will use noncustodial escrow and crowdsourced juries to determine if bounties have been fulfilled.

Centralized bounty boards like BountySource all suffer from risk of exit scams/insolvency. And without escrow each bounty taker must trust the bounty maker. Resolvr is aiming to solve these problems.

It's being built for a hackathon right now and needs alpha testers. Let the team know what you think of the design.

All contributors welcome!

[makeasnek]

@BitcoinBrief looks very compelling, glad to see a project like this getting off the ground!

[gib-work]

We're working on this and are currently in Private Beta - Twitter | Discord | YouTube

We use a decentralized and secure escrow for payments so no centralized entity holds your money.

We use USDC for payments, a trusted and stable cryptocurrency, with very minimal fees.

You'll receive your payment instantly. As soon as your Pull Request is approved, your payment is sent and ready for immediate withdrawal.

[francisdb]

Found https://gitpay.me