Bug Bounty Program

Make money by finding bugs in certain functions in libraries in this bug bounty program.

Currently in the Bug Bounty Program

Find a bug in one of these functions and earn the reward listed!

IsValidJSON from JSON v0.5.7 – $100

Overview

Function: IsValidJSON

Library: JSON v0.5.7

Namespace: no.inductive.idea10.programs

Last bug found: 2018

Bounty: $100

Bounty issued: 2023-05-01

About the function

The function is important for APIs and communication between services in general. The function can be used to check that the data coming in from the Internet is valid JSON.

The function takes JSON as an array of characters. A character is a unsigned 16-bit integer. It also takes a structure of type StringReference. It returns a boolean. If the JSON is valid it returns true. If the JSON is invalid, it return false and sets a message in the StringReference structure.

The function has a bug if it is passed a valid JSON string and returns false, or is passed an invalid JSON and returns true. Validity is judged according to the JSON specification, however, it is only possible to pass an array of 16-bit numbers to this function, which limits its scope.

ReadJSON from JSON v0.5.7 – $50

Overview

Function: ReadJSON

Library: JSON v0.5.7

Namespace: no.inductive.idea10.programs

Last bug found: 2018

Bounty: $50

Bounty issued: 2023-06-25

About the function

The function is important for APIs and communication between services in general. The function can be used to deserialize JSON so that the data in it can be readily accessed by the receiving program.

The function takes JSON as an array of characters. A character is a unsigned 16-bit integer. It also takes structures of type DataReference and StringReference. It returns a boolean. If the JSON is valid it returns true and sets the deserialized data in dataReference. If the JSON is invalid, it return false and sets a message in the StringReference structure.

The function has a bug if it is passed a valid JSON string and returns false, or is passed an invalid JSON and returns true. Validity is judged according to the JSON specification. It also has a bug if some of the data in the JSON string is not serialized correctly.

WriteJSON from JSON v0.5.7 – $50

Overview

Function: IsValidJSON

Library: JSON v0.5.7

Namespace: no.inductive.idea10.programs

Last bug found: 2018

Bounty: $50

Bounty issued: 2023-06-25

About the function

The function is important for APIs and communication between services in general. The function can be used to serialize data for returning it as a result.

The function takes a structure of type Data and returns JSON as an array of characters. A character is a unsigned 16-bit integer.

The function has a bug if it produces JSON that does not serialize the data passed to it correctly.

GenerateDocument from TextualTemplates v0.1.12 – $50

Overview

Function: GenerateDocument

Library: TextualTemplates v0.1.12

Namespace: no.inductive.libraries

Last bug found: 2021

Bounty: $50

Bounty issued: 2023-06-25

About the function

The function is used to generate documents based on templates. Examples of uses in production includes generating emails and web pages.

The function takes four parameters: 1) the template itself, written in a simple templating language, 2) the data for the template in JSON format, 3) a reference to return the document and 4) a reference to return a message.

If the function succeeds, true is returned and the document is set to the instantiated template. If the function fails, false is returned and the message is set to a string explaining the reason.

The function has a bug if it is passed a valid template and a valid JSON string, but either returns false or instantiates the template the wrong way.

AddDaysToDate from datetime v0.1.16 – $50

Overview

Function: AddDaysToDate

Library: datetime v0.1.16

Namespace: no.inductive.idea10.programs

Last bug found: 2017

Bounty: $50

Bounty issued: 2023-05-01

About the function

This function is important for use in planning, scheduling, billing and account systems.

It takes a date as a structure containing a year, a month and a day. It then adds (or subtracts) the number of days given to it and modifies the date given as the first parameter. If the date given is invalid or outside the range of the library, it returns false.

The function has a bug if it sets an invalid date, or set a date that is not the given number of days from the given date.

CreateStringDecimalFromNumber from numbers v0.1.28 – $50

Overview

Function: CreateStringDecimalFromNumber

Library: numbers v0.1.28

Namespace: no.inductive.idea10.programs

Last bug found: 2017

Bounty: $50

Bounty issued: 2023-06-25

About the function

This function is important for serializing numbers.

It takes a number as input and returns a string as output.

The function has a bug if it does not serialize the number correctly. The function assumes the input only has 15 digits of precision and that the exponent has two digits.

CreateNumberFromDecimalStringWithCheck from numbers v0.1.28 – $50

Overview

Function: CreateNumberFromDecimalStringWithCheck

Library: numbers v0.1.28

Namespace: no.inductive.idea10.programs

Last bug found: 2017

Bounty: $50

Bounty issued: 2023-06-25

About the function

This function is for parsing number data.

It takes a string, a number reference and a string reference as input. The string contains the number data. If the number is a valid base ten string, the function returns true, and sets the number reference to the parsed number. If the string does not contain a valid base ten decimal, it returns false and sets a message in the string reference saying what was wrong.

The function has a bug if it does not parse the number data correctly, or if it wrongly interprets the number as valid or invalid. The function will only read 15 digits of precision and an exponent of two digits.

UTF16ToUTF8 from Unicode v0.1.5 – $50

Overview

Function: UTF16ToUTF8

Library: Unicode v0.1.5

Namespace: no.inductive.libraries

Last bug found: 2017

Bounty: $50

Bounty issued: 2023-06-25

About the function

This function is important for serializing byte data from a string.

This function takes an array of characters and produces an array of bytes. The bytes encode the UTF16 encoded text as UTF8.

The function has a bug if it does not encode the UTF16 data correctly as UTF8.

UTF8ToUTF16 from Unicode v0.1.5 – $50

Overview

Function: UTF8ToUTF16

Library: Unicode v0.1.16

Namespace: no.inductive.libraries

Last bug found: 2017

Bounty: $50

Bounty issued: 2023-06-25

About the function

This function is important for creating a string from byte data.

This function takes an array of bytes containing an UTF8 encoded string. It returns a string with the same string encoded as UTF16.

The function has a bug if it does not encode the UTF8 data correctly as UTF16.

BytesToTextBase16 from Bytes v0.1.9 – $50

Overview

Function: BytesToTextBase16

Library: Bytes v0.1.9

Namespace: no.inductive.libraries

Last bug found: 2017

Bounty: $50

Bounty issued: 2023-06-25

About the function

This function is important for creating a text representation of byte data, for transporting and storing binary data as text.

The function takes an array of bytes and creates a string with the base 16 encoding of the bytes.

The function has a bug if it does not correctly encode the byte data in base 16.

TextToBytesBase16 from Bytes v0.1.9 – $50

Overview

Function: TextToBytesBase16

Library: Bytes v0.1.9

Namespace: no.inductive.libraries

Last bug found: 2017

Bounty: $50

Bounty issued: 2023-06-25

About the function

This function is important for getting byte data encoded in a text representation.

It takes a string and produces an array of bytes.

The function has a bug if it does not produce the corresponding array of bytes that is encoded as base 16.

SequencerIteration from Sequencer v0.1.4 – $50

Overview

Function: SequencerIteration

Library: Sequencer v0.1.4

Namespace: no.inductive.libraries

Last bug found: 2017

Bounty: $50

Bounty issued: 2023-06-25

About the function

This function is important for processing requests in sequence. Thus, a program that does not support parallel processing can handle many requests.

It takes an array of clients, a single server and a state as input.

The function has a bug if it does not correctly sequence the requests to the server.

LoadBalancerIteration from LoadBalancer v0.1.3 – $50

Overview

Function: LoadBalancerIteration

Library: LoadBalancer v0.1.3

Namespace: no.inductive.libraries

Last bug found: 2017

Bounty: $50

Bounty issued: 2023-06-25

About the function

This function implements the core functionality of a load balancer. It spreads requests over a number of servers.

It takes an array of clients, an array of servers and load balancer state.

The function has a bug if it does not spread the workload correctly accross the servers, or it does not perform an incoming task, or if it performs the same request multiple times.

Bug Reports Under Consideration

No one has been able to find a bug yet! Find a bug and report it!

Candidates

These are expected to enter the bug bounty program shortly. You can start looking for bugs in these and then claim them once the library enters the bug program.

Functions from datetime v0.1.16
Functions from LuhnAlgorithm v0.1.3
Functions from base64 v0.2.6
Functions from strings v0.9.14
Functions from numbers v0.1.28
Functions from DataStructures v0.1.1
Functions from PNG v0.1.22
Functions from FormulaTranslation v0.1.5
Functions from BasicFileSystem v0.1.6
Functions from Unicode v0.1.2
Functions from ResponseCache v0.1.0
Functions from DEFLATE v0.1.7
Functions from Sequencer v0.1.2
Functions from HighAvailability v0.1.1
Functions from LoadBalancer v0.1.2

About the Bug Bounty Program

Make money by finding bugs in certain functions in libraries in this bug bounty program.

The goal of this bug bounty program is to create completely bug free libraries that can be reused by anyone for all time. This is made possible by creating programs that only depend on the Timeless Instruction Set. This instruction set is stricter that most languages, which means that if it runs there, it most likely runs in most other languages as well.

These libraries are valuable even to those who do not use them directly. They can use the libraries as reference implementations or testing oracles for auditing another implementation of the same things.

Rules

  • A bug is valid input to a function that produces the wrong output. What are allowed inputs and correct outputs are are described for each function in the bug bounty program.
  • A bug report must merely contain the function being testet, the input to the function and the expected output. Send it to martinfjohansen at progsbase.com.
  • Out of memory exceptions or timeouts are not considered bugs unless it can be shown that these are because of another bug causing a too high memory usage or spending too much time.
  • The bug must be reproducible when the code is run using the Timeless Instruction Set. In general, if the bug is present when running in Java, it will probably be present there as well.
  • There is a publicaly available list of functions in the bug bounty program with an associated reward for finding one bug. Only one bug will be considered at a time. Whether a bug is being considered will be shown in the list. If there is no bug being considered at this point in time, go search for one to earn the bounty!
  • When a bug is reported, the bug bounty for that function will be marked as under consideration. If the bug is confirmed, the reward will be payed, the bug fixed and the library will go back to candidate status until we think it is of high enough quality to reenter the bug bounty program.
  • If a bug is not found for some time, we will raise the bounty. This will mean that it will be posssible to obtain certificates with the amount for the amount of time a bug has not been found. For example, FunctionX, a bug has not been found for 4 years with a $1000 bug-bounty.

Building and Running the Libraries

Building and running the libraries are easy as they are all completely computational. Follow these guides to test and run the libraries:

Once the tests run, you know you have successfully built the libraries and you can start looking for bugs. Most libraries have a function called test, run it to test the library, even in the browser. For example, for the JSON library. They usually return the number of tests that failed.

Guarantee Certificates

You can buy a certificate for a function guaranteeing that it is bug-free. If a bug is found, the money will go to the person who found the bug. The more people buy these, the higher the rewards for finding bugs in this function will be. Progsbase will issue rewards for finding bugs as well.

If there are no bugs found for a long time, we can issue certificates stating the current amount of rewards and how long they have stood, the library's dollar years. For example, if a bounty of $1000 has stood for four years, the dollar years will be 4000 dollar years.

Contact Information

We would be more than happy to help you. Our opening hours are 9–15 (CET).

[email protected]

📞 (+47) 93 68 22 77

Nils Bays vei 50, 0876 Oslo, Norway

Copyright © 2018-23 progsbase.com by Inductive AS.