A Warm Welcome to You
TrustlessDAO explores how minimal smart contracts, combined with structured off-chain processes, can enable effective peer-to-peer agreements in Web3. Our initial focus is on vulnerability disclosures outside official bug bounty programs.
What We've Built
IndependentDisclosure is a streamlined system that helps security researchers safely disclose vulnerabilities to protocols, even when no official bug bounty program exists. It combines:
- A simple smart contract that records key commitments.
- A standardized private GitHub repository structure for secure communication.
- Clear procedures that protect both parties through transparency.
Quick Overview
In the following chapters, you'll learn:
- Why vulnerability disclosure outside bounty programs is challenging.
- How IndependentDisclosure protects both researchers and protocols.
- Practical steps to start using the system today.
Whether you're a security researcher who has found a vulnerability or a protocol representative who has been contacted about one, you'll find clear, actionable information here.
Started in October 2024, TrustlessDAO is actively developing and improving these tools. Follow our progress on Twitter and GitHub. We'd love your feedback, our DMs are open.