IndependentDisclosure

TrustlessDAO offers a public template repository designed to create a structured and secure environment for vulnerability disclosure. The repository includes:

  • README.md: Comprehensive process documentation
  • report.md: Template for vulnerability details
  • initial-terms.md: Researcher's suggested terms
  • authorization.md: Protocol's formal commitment
  • protocol-assessment.md: Protocol's validity assessment
  • final-terms.md: Agreed settlement terms

Why This Works

The template's structure promotes good faith participation through clear, balanced incentives:

  1. Balanced Control

    • Researchers manage initial information sharing.
    • Protocols control the validity assessment.
    • Final terms require mutual agreement.

  2. Verifiable Evidence

    • All interactions are documented in the repository.
    • The smart contract records key commitments on-chain.
    • Any bad faith actions are provable without exposing vulnerabilities.

  3. Public Accountability

    • Either party can easily demonstrate bad faith to the community.
    • Clear evidence of good faith is straightforward to present.
    • A lack of evidence implies bad faith.
    • Reputational stakes incentivize honest behavior.

Using IndependentDisclosure

Practical guidance is available for both parties:

Each guide provides step-by-step instructions tailored to the specific roles of researchers and protocols in the process.