Bug Bounty Program

Make money by finding bugs in certain functions in libraries in this bug bounty program.

Currently in the Bug Bounty Program

Find a bug in one of these functions and earn the reward listed!

IsValidJSON from JSON v0.5.7 – $100

Overview

Function: IsValidJSON

Library: JSON v0.5.7

Namespace: no.inductive.idea10.programs

Last bug found: 2018

Bounty: $100

Bounty issued: 2023-05-01

About the function

The function is important for APIs and communication between services in general. The function can be used to check that the data coming in from the Internet is valid JSON.

The function takes JSON as an array of characters. A character is an unsigned 16-bit integer. It also takes a structure of type StringReference. It returns a boolean. If the JSON is valid, it returns true. If the JSON is invalid, it returns false and sets a message in the StringReference structure.

The function has a bug if it is passed a valid JSON string and returns false, or is passed an invalid JSON string and returns true. Validity is judged according to the JSON specification; however, it is only possible to pass an array of 16-bit numbers to this function, which limits its scope.

GenerateDocument from TextualTemplates v0.1.12 – $50

Overview

Function: GenerateDocument

Library: TextualTemplates v0.1.12

Namespace: no.inductive.libraries

Last bug found: 2021

Bounty: $50

Bounty issued: 2023-05-01

About the function

The function is used to generate documents based on templates. Examples of uses in production include generating emails and web pages.

The function takes four parameters: 1) the template itself, written in a simple templating language, 2) the data for the template in JSON format, 3) a reference to return the document and 4) a reference to return a message.

If the function succeeds, true is returned and the document is set to the instantiated template. If the function fails, false is returned and the message is set to a string explaining the reason.

The function has a bug if it is passed a valid template and a valid JSON string, but either returns false or instantiates the template the wrong way.

AddDaysToDate from datetime v0.1.16 – $50

Overview

Function: AddDaysToDate

Library: datetime v0.1.16

Namespace: no.inductive.idea10.programs

Last bug found: 2017

Bounty: $50

Bounty issued: 2023-05-01

About the function

This function is important for use in planning, scheduling, billing and account systems.

It takes a date as a structure containing a year, a month and a day. It then adds (or subtracts) the number of days given to it and modifies the date given as the first parameter. If the date given is invalid or outside the range of the library, it returns false.

The function has a bug if it sets an invalid date, or sets a date that is not the given number of days from the given date.
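
An added example, not code from the library or from progsbase: a differential test that applies the bug definition above to a hypothetical AddDaysToDate-style function, using Python's datetime as the independent oracle, and emits reports with the function, the input and the expected output. The function candidate_add_days, its dict-based date structure and its leap-year defect are constructed for illustration; the valid range is assumed to be datetime's years 1 to 9999.

```python
import datetime

def oracle(y, m, d, days):
    """Expected result from Python's datetime (used here as the independent oracle).
    None means the function under test should return false."""
    try:
        r = datetime.date(y, m, d) + datetime.timedelta(days=days)
    except (ValueError, OverflowError):
        return None  # invalid input date, or result outside datetime's 1..9999 range
    return (r.year, r.month, r.day)

def candidate_add_days(date, days):
    """Hypothetical implementation under test, NOT the datetime v0.1.16 code.
    Constructed defect: every year divisible by 4 is leap, so 1900 gets a Feb 29."""
    def dim(y, m):
        if m == 2:
            return 29 if y % 4 == 0 else 28
        return 30 if m in (4, 6, 9, 11) else 31
    y, m, d = date["year"], date["month"], date["day"]
    if not (1 <= m <= 12 and 1 <= d <= dim(y, m)):
        return False
    step = 1 if days >= 0 else -1
    for _ in range(abs(days)):
        d += step
        if d > dim(y, m):          # rolled past month end
            y, m, d = (y + 1, 1, 1) if m == 12 else (y, m + 1, 1)
        elif d < 1:                # rolled before month start
            y, m = (y - 1, 12) if m == 1 else (y, m - 1)
            d = dim(y, m)
    date["year"], date["month"], date["day"] = y, m, d
    return True

def find_bugs(func, cases):
    """Return reports holding what the rules ask for: function, input, expected output.
    One comparison covers both bug conditions, since the oracle only yields valid dates."""
    reports = []
    for y, m, d, days in cases:
        date = {"year": y, "month": m, "day": d}
        got = (date["year"], date["month"], date["day"]) if func(date, days) else None
        want = oracle(y, m, d, days)
        if got != want:
            reports.append({"function": func.__name__, "input": ((y, m, d), days),
                            "expected": want, "actual": got})
    return reports

# Constructed sweep around month and year boundaries, 1896..2004.
CASES = [(y, m, d, n) for y in range(1896, 2005)
         for m, d in ((2, 28), (3, 1), (12, 31)) for n in (-1, 1)]

if __name__ == "__main__":
    for report in find_bugs(candidate_add_days, CASES):
        print(report)
```

To audit a real implementation, replace candidate_add_days with a thin wrapper around it and widen CASES.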

Bug Reports Under Consideration

No one has been able to find a bug yet! Find a bug and report it!

Candidates

These are expected to enter the bug bounty program shortly. You can start looking for bugs in these and then claim them once the library enters the bug program.

Functions from datetime v0.1.16
Functions from LuhnAlgorithm v0.1.3
Functions from JSON v0.5.7
Functions from base64 v0.2.6
Functions from strings v0.9.14
Functions from numbers v0.1.28
Functions from DataStructures v0.1.1
Functions from PNG v0.1.22
Functions from FormulaTranslation v0.1.5
Functions from BasicFileSystem v0.1.6
Functions from Unicode v0.1.2
Functions from ResponseCache v0.1.0
Functions from Bytes v0.1.2
Functions from DEFLATE v0.1.7
Functions from Sequencer v0.1.2

About the Bug Bounty Program

The goal of this bug bounty program is to create completely bug-free libraries that can be reused by anyone for all time. This is made possible by creating programs that only depend on the Timeless Instruction Set. This instruction set is stricter than most languages, which means that if it runs there, it most likely runs in most other languages as well.

These libraries are valuable even to those who do not use them directly. They can use the libraries as reference implementations or testing oracles for auditing another implementation of the same things.

Rules

  • A bug is valid input to a function that produces the wrong output. The allowed inputs and correct outputs are described for each function in the bug bounty program.
  • A bug report must merely contain the function being tested, the input to the function and the expected output. Send it to martinfjohansen at progsbase.com.
  • Out of memory exceptions or timeouts are not considered bugs unless it can be shown that these are because of another bug causing too high memory usage or spending too much time.
  • The bug must be reproducible when the code is run using the Timeless Instruction Set. In general, if the bug is present when running in Java, it will probably be present there as well.
  • There is a publicly available list of functions in the bug bounty program with an associated reward for finding one bug. Only one bug will be considered at a time. Whether a bug is being considered will be shown in the list. If there is no bug being considered at this point in time, go search for one to earn the bounty!
  • When a bug is reported, the bug bounty for that function will be marked as under consideration. If the bug is confirmed, the reward will be paid, the bug fixed and the library will go back to candidate status until we think it is of high enough quality to reenter the bug bounty program.
  • If a bug is not found for some time, we will raise the bounty. This will mean that it will be possible to obtain certificates stating the amount and the length of time for which a bug has not been found. For example: for FunctionX, a bug has not been found for 4 years with a $1000 bug bounty.

Building and Running the Libraries

Building and running the libraries is easy as they are all completely computational. Follow these guides to test and run the libraries:

Once the tests run, you know you have successfully built the libraries and you can start looking for bugs. Most libraries have a function called test; run it to test the library, even in the browser, for example for the JSON library. These test functions usually return the number of tests that failed.

Guarantee Certificates

You can buy a certificate for a function guaranteeing that it is bug-free. If a bug is found, the money will go to the person who found the bug. The more people buy these, the higher the rewards for finding bugs in this function will be. Progsbase will issue rewards for finding bugs as well.

If there are no bugs found for a long time, we can issue certificates stating the current amount of rewards and how long they have stood, the library's dollar years. For example, if a bounty of $1000 has stood for four years, the dollar years will be 4000 dollar years.

Contact Information

We would be more than happy to help you. Our opening hours are 9–15 (CET).

📞 (+47) 93 68 22 77

Nils Bays vei 50, 0876 Oslo, Norway

Copyright © 2018-23 progsbase.com by Inductive AS.