WEFUZZ, a fully decentralized, crowdsourced security audit and bug bounty solution | by Coinbase | Feb, 2022

This report updates on what WEFUZZ, Coinbase Crypto Neighborhood Fund grant recipient, has been engaged on over the primary a part of their year-long Crypto growth grant. This particularly covers their work on a decentralized, crowdsourced safety audit and bug bounty answer.

By WEFUZZ, Coinbase Crypto Neighborhood Fund grant recipient

WEFUZZ implements a totally decentralized, crowdsourced safety audit and bug bounty answer: a set of sensible contracts that enable builders and firms to get their sensible contracts, blockchains, web sites, and so forth., audited by the auditors and hackers group. With this work, WEFUZZ goals to turn into the *Hacker DAO*.

Crowdsourcing is a sourcing mannequin through which people or organizations receive items or companies — together with concepts, voting, micro-tasks and so forth., from a big, comparatively open, and quickly evolving group of individuals. Corporations like Uber, Gitcoin and GoJek already use this mannequin. Crowdsourcing mannequin provides improved prices, velocity, high quality, flexibility, scalability, and variety.

The normal crowdsourcing system consists primarily of three roles: requesters, employees (auditors in our case), and a centralized system. Requesters submit duties to be accomplished via the crowdsourcing system. A set of auditors full this activity and submit options to the crowdsourcing system. Requesters will then choose a correct answer (normally the primary or the perfect one which solves the duty) and reward the corresponding employee

This makes centralized methods susceptible. Person’s delicate info (e.g. title, e-mail tackle and so forth.,) and vulnerability reviews are saved within the database of those centralized methods, which has the inherent danger of privateness disclosure and information loss. Centralized choke factors usually are not solely assault vectors for leaks and hacks, but additionally for outages.

Crowdsourcing firms are eager on maximizing their advantages and require requesters paying for companies, which in flip enhance consumer’s prices. Most crowdsourcing methods demand a ten–25% service charge.

All these points add as much as the already present considerations of sensible contract and multi-chains homeowners and builders (the audit requesters), freelance auditors’ and moral hackers’ considerations. A few of these considerations are:

• Making certain their property are protected from cyber theft, information hacks or another danger that may end up in a lack of funds and compromised information
• With the ability to get audits performed in a cheap means — be it personal or public safety audits
• Ensuring the sensible contracts are audited by a number of auditors
• Hackers don’t need to share delicate private information
• Hackers and auditors and builders want full transparency

WEFUZZ is a totally decentralized, crowdsourced audit and bug bounty platform aiming to be the Hacker DAO. WEFUZZ goals to offer reliability, equity, safety and low service charges by design.

The decentralized platform has many benefits similar to increased consumer safety, service availability, and decrease prices. Sensible contracts operating on a selected blockchain are used to carry out the entire strategy of crowdsourcing duties which comprises posting audit and bounty campaigns, submitting audit and bug reviews, bounty task, and so forth.

WEFUZZ answer provides quite a few added advantages to customers:

• Knowledge Safety: Experiences are encrypted with auditors’ and goal builders’ public key, in order that the bug reviews solely will get learn by who it’s meant for. Information are encrypted and saved on the decentralized community storage. No extra information breaches, hacks, password leaks or another danger affecting present cloud primarily based audit and bug bounty platforms.
• Value Effectiveness: Permitting sensible contract builders, multi-chain builders, and firms to get audits carried out in a cheap means instantly by the auditors and hacker crowd on the WEFUZZ platform. This helps the builders and firms keep away from enormous charges and congestion points affecting the normal bug bounty platforms.
• Versatile anonymity: Auditors and hackers can select to stay nameless whereas submitting reviews, defending their privateness, and nonetheless getting paid.
• Communication Safety: No centralized information storage, full anonymity, no information transfers, no moderators and full end-to-end encryption. All the info resides encrypted on the Solana blockchain and all of the recordsdata reside on the IPFS blockchain.