@yegor256, similar to what one finds in companies on https://www.hackerone.com/, I suggest we define a bug bounty program for both Zold and the web wallets projects.

Here's more detail of what could be done:

- Define a document (or add to an existing one, like the README) clearly stating the rules (and template) for reporting a security vulnerability (Disclosure, Eligibility, Exclusions, ...);
- Define the value (in $ or ZLD currency) for the reward levels for each type of eligible vulnerability;
- Describe how rewards are processed and transferred to the vulnerability reporter;
- Suggestion: set this up on a platform already specialised for the matter (like https://hackerone.com);

Regarding the types of vulnerabilities applicable for a bug bounty program, here are a few noteworthy examples of policies:
@filfreire/z this project will fix the problem faster if you donate a few dollars to it; just click here and pay via Stripe, it's very fast, convenient and appreciated; thanks a lot!
The job #722 was assigned to @yegor256/z, here is why; the budget is 30 minutes, see §4; please, read §8 and §9; if the task is not clear, read this and this; there will be no monetary reward for this job