Bug Bounty Program

Make money by finding bugs in certain functions in libraries in this bug bounty program.

Currently in the Bug Bounty Program

Find a bug in one of these functions and earn the reward listed!

IsValidJSON from JSON v0.5.7 – $200

Overview

Function: IsValidJSON

Library: JSON v0.5.7

Namespace: no.inductive.idea10.programs

Last bug found: ~2019

Bounty: $200

Bounty issued: 2023-05-01

About the function

The function is important for APIs and for communication between services in general. The function can be used to check that the data coming in from the Internet is valid JSON.

The function takes JSON as an array of characters. A character is an unsigned 16-bit integer. It also takes a structure of type StringReference. It returns a boolean. If the JSON is valid, it returns true. If the JSON is invalid, it returns false and sets a message in the StringReference structure.

The function has a bug if it is passed a valid JSON string and returns false, or is passed an invalid JSON and returns true. Validity is judged according to the JSON specification; however, it is only possible to pass an array of 16-bit numbers to this function, which limits its scope.

ReadJSON from JSON v0.5.7 – $100

Overview

Function: ReadJSON

Library: JSON v0.5.7

Namespace: no.inductive.idea10.programs

Last bug found: ~2019

Bounty: $100

Bounty issued: 2023-06-25

About the function

The function is important for APIs and communication between services in general. The function can be used to deserialize JSON so that the data in it can be readily accessed by the receiving program.

The function takes JSON as an array of characters. A character is an unsigned 16-bit integer. It also takes structures of type DataReference and StringReference. It returns a boolean. If the JSON is valid, it returns true and sets the deserialized data in dataReference. If the JSON is invalid, it returns false and sets a message in the StringReference structure.

The function has a bug if it is passed a valid JSON string and returns false, or is passed an invalid JSON and returns true. Validity is judged according to the JSON specification. It also has a bug if some of the data in the JSON string is not serialized correctly.

WriteJSON from JSON v0.5.7 – $100

Overview

Function: WriteJSON

Library: JSON v0.5.7

Namespace: no.inductive.idea10.programs

Last bug found: ~2019

Bounty: $100

Bounty issued: 2023-06-25

About the function

The function is important for APIs and communication between services in general. The function can be used to serialize data for returning it as a result.

The function takes a structure of type Data and returns JSON as an array of characters. A character is an unsigned 16-bit integer.

The function has a bug if it produces JSON that does not serialize the data passed to it correctly.

GenerateDocument from TextualTemplates v0.1.15 – $100

Overview

Function: GenerateDocument

Library: TextualTemplates v0.1.15

Namespace: no.inductive.libraries

Last bug found: 2024-05-07 by Martin F. Johansen

Bounty: $100

Bounty issued: 2024-05-09

About the function

The function is used to generate documents based on templates. Examples of uses in production include generating emails and web pages.

The function takes four parameters: 1) the template itself, written in a simple templating language, 2) the data for the template in JSON format, 3) a reference to return the document and 4) a reference to return a message.

If the function succeeds, true is returned and the document is set to the instantiated template. If the function fails, false is returned and the message is set to a string explaining the reason.

The function has a bug if it is passed a valid template and a valid JSON string, but either returns false or instantiates the template the wrong way.

AddDaysToDate from datetime v0.1.16 – $100

Overview

Function: AddDaysToDate

Library: datetime v0.1.16

Namespace: no.inductive.idea10.programs

Last bug found: 2017

Bounty: $100

Bounty issued: 2023-05-01

About the function

This function is important for use in planning, scheduling, billing and account systems.

It takes a date as a structure containing a year, a month and a day. It then adds (or subtracts) the number of days given to it and modifies the date given as the first parameter. If the date given is invalid or outside the range of the library, it returns false.

The function has a bug if it sets an invalid date, or sets a date that is not the given number of days from the given date.

CreateStringDecimalFromNumber from numbers v0.1.28 – $100

Overview

Function: CreateStringDecimalFromNumber

Library: numbers v0.1.28

Namespace: no.inductive.idea10.programs

Last bug found: 2017

Bounty: $100

Bounty issued: 2023-06-25

About the function

This function is important for serializing numbers.

It takes a number as input and returns a string as output.

The function has a bug if it does not serialize the number correctly. The function assumes the input only has 15 digits of precision and that the exponent has two digits.

CreateNumberFromDecimalStringWithCheck from numbers v0.1.28 – $100

Overview

Function: CreateNumberFromDecimalStringWithCheck

Library: numbers v0.1.28

Namespace: no.inductive.idea10.programs

Last bug found: 2017

Bounty: $100

Bounty issued: 2023-06-25

About the function

This function is for parsing number data.

It takes a string, a number reference and a string reference as input. The string contains the number data. If the number is a valid base ten string, the function returns true, and sets the number reference to the parsed number. If the string does not contain a valid base ten decimal, it returns false and sets a message in the string reference saying what was wrong.

The function has a bug if it does not parse the number data correctly, or if it wrongly interprets the number as valid or invalid. The function will only read 15 digits of precision and an exponent of two digits.

UTF16ToUTF8 from Unicode v0.1.5 – $100

Overview

Function: UTF16ToUTF8

Library: Unicode v0.1.5

Namespace: no.inductive.libraries

Last bug found: 2017

Bounty: $100

Bounty issued: 2023-06-25

About the function

This function is important for serializing byte data from a string.

This function takes an array of characters and produces an array of bytes. The bytes encode the UTF16 encoded text as UTF8.

The function has a bug if it does not encode the UTF16 data correctly as UTF8.

BytesToTextBase16 from Bytes v0.1.9 – $100

Overview

Function: BytesToTextBase16

Library: Bytes v0.1.9

Namespace: no.inductive.libraries

Last bug found: 2017

Bounty: $100

Bounty issued: 2023-06-25

About the function

This function is important for creating a text representation of byte data, for transporting and storing binary data as text.

The function takes an array of bytes and creates a string with the base 16 encoding of the bytes.

The function has a bug if it does not correctly encode the byte data in base 16.

TextToBytesBase16 from Bytes v0.1.9 – $100

Overview

Function: TextToBytesBase16

Library: Bytes v0.1.9

Namespace: no.inductive.libraries

Last bug found: 2017

Bounty: $100

Bounty issued: 2023-06-25

About the function

This function is important for getting byte data encoded in a text representation.

It takes a string and produces an array of bytes.

The function has a bug if it does not produce the corresponding array of bytes that is encoded as base 16.

SequencerIteration from Sequencer v0.1.4 – $100

Overview

Function: SequencerIteration

Library: Sequencer v0.1.4

Namespace: no.inductive.libraries

Last bug found: 2017

Bounty: $100

Bounty issued: 2023-06-25

About the function

This function is important for processing requests in sequence. Thus, a program that does not support parallel processing can handle many requests.

It takes an array of clients, a single server and a state as input.

The function has a bug if it does not correctly sequence the requests to the server.

LoadBalancerIteration from LoadBalancer v0.1.3 – $100

Overview

Function: LoadBalancerIteration

Library: LoadBalancer v0.1.3

Namespace: no.inductive.libraries

Last bug found: 2017

Bounty: $100

Bounty issued: 2023-06-25

About the function

This function implements the core functionality of a load balancer. It spreads requests over a number of servers.

It takes an array of clients, an array of servers and load balancer state.

The function has a bug if it does not spread the workload correctly across the servers, if it does not perform an incoming task, or if it performs the same request multiple times.

Bug Reports Under Consideration

No bugs are currently under consideration. Find a bug and report it!

Candidates

These are expected to enter the bug bounty program shortly. You can start looking for bugs in these and then claim them once the library enters the bug program.

UTF8ToUTF16 from Unicode v0.1.5

Overview

Function: UTF8ToUTF16

Library: Unicode v0.1.5

Namespace: no.inductive.libraries

Last bug found: 2024-05-05, by Dimitar Sotirov, awarded: $100.

About the function

This function is important for creating a string from byte data.

This function takes an array of bytes containing a UTF8 encoded string. It returns a string with the same string encoded as UTF16.

The function has a bug if it does not encode the UTF8 data correctly as UTF16.

Functions from datetime v0.1.16
Functions from LuhnAlgorithm v0.1.3
Functions from base64 v0.2.10
Functions from strings v0.9.14
Functions from numbers v0.1.28
Functions from DataStructures v0.1.1
Functions from PNG v0.1.22
Functions from FormulaTranslation v0.1.5
Functions from BasicFileSystem v0.1.6
Functions from Unicode v0.1.2
Functions from ResponseCache v0.1.0
Functions from DEFLATE v0.1.7
Functions from Sequencer v0.1.2
Functions from HighAvailability v0.1.1
Functions from LoadBalancer v0.1.2

About the Bug Bounty Program

Make money by finding bugs! Find bugs in functions in libraries. We select which functions in which libraries are a part of the bug bounty program. A function in a library enters the program if it 1) solves a problem and solves it well and 2) has been used in production for some time without a bug being reported or found.

The goal of this bug bounty program is to create completely bug-free libraries that can be reused by anyone for all time. This is made possible by creating programs that only depend on the Timeless Instruction Set. This instruction set is stricter than most languages, which means that if it runs there, it most likely runs in most other languages as well.

These libraries are valuable even to those who do not use them directly. The libraries can be used as reference implementations or testing oracles for auditing other implementations of the same functionality.

Rules

  • A bug is valid input to a function which then produces the wrong output. What are allowed inputs and correct outputs are described for each function in the bug bounty program.
  • A bug report must merely contain the function being tested, the input to the function and the expected output. Send it to [email protected], and we will give you a reply swiftly.
  • Out-of-memory exceptions or timeouts are not considered bugs unless it can be shown that they are caused by another bug that leads to excessive memory usage or running time.
  • The bug must be reproducible when the code is run using the Timeless Instruction Set. In general, if the bug is present when running in Java, it will probably be present there as well.
  • There is a publicly available list of functions in the bug bounty program with associated rewards for finding one bug. Only one bug will be considered at a time. Whether a bug is being considered will be shown in the list. If there is no bug being considered at this point in time, go search for one to earn the bounty!
  • When a bug is reported, the bug bounty for that function will be marked as under consideration. If the bug is confirmed, the reward will be paid, the bug fixed and the library will go back to candidate status until we think it is of high enough quality to reenter the bug bounty program.
  • If a bug is not found for some time, we will raise the bounty. If you would like to contribute to raising the bounty, you can purchase a bug guarantee certificate for a certain amount, and we will add that amount to the bounty (minus a fee). This money will then be awarded to someone who finds a bug, the bug will be fixed and you will be notified.

Building and Running the Libraries

Building and running the libraries is easy, as they are all completely computational. Follow these guides to run and test the libraries:

Once the tests run, you know you have successfully built the libraries and you can start looking for bugs. Most libraries have a function called test; run it to test the library, even in the browser. For example, for the JSON library. They usually return the number of tests that failed, so expect a return of 0.

Guarantee Certificates

You can buy a certificate for a function guaranteeing that it is bug-free. If a bug is found, the money will go to the person who found the bug (minus a fee). The more people buy these, the higher the rewards for finding bugs in this function will be. The higher the reward and the longer it stands, the less likely it is that there is a bug. Progsbase itself will issue rewards for finding bugs as well.

If no bugs are found for a long time, we can issue certificates stating the current amount of rewards and how long they have stood, the library's dollar years. For example, if a bounty of $1000 has stood for four years, the dollar years will be 4000 dollar years. This can be used as an indication of the quality of the library.

Contact Information

We would be more than happy to help you. Our opening hours are 9–15 (CET).

[email protected]

📞 (+47) 93 68 22 77

Nils Bays vei 50, 0876 Oslo, Norway

Copyright © 2018-24 progsbase.com by Inductive AS.