Today, we are publishing a Smart Contract for public review.

Indorse is a decentralized professional network being built on the Ethereum blockchain. We leverage several decentralized technologies like BigchainDB (official), IPFS, Airbitz (now Edge Secure) and soon, uPort and Civic. We are releasing one of our Smart Contracts for public review. It is already undergoing a formal audit by Hacken.

Connections Smart Contract

The connections smart contract is a generic smart contract which allows several entities to get connected and prove their connections directly on the blockchain in a trustless manner. The first use case for this contract is that pre-ICO (or post-ICO) companies can trustlessly verify that their advisors have actually consented to work with them. Both the company and the advisor needs to sign a transaction on the blockchain in this Smart Contract to prove this.

The connections smart contract can have several different types of connections, and it is agnostic to these types. It could be a uni-directional connection or a bi-directional connection. In the case of advisors, it has to be a bi-directional connection. This same concept can be applied to several other use cases subsequently, which includes validating team members, validating partnerships with other companies, etc.

You can find the contract code and other documents in this repo — https://github.com/indorseio/connections

Bug bounty

We will run a bug bounty for two weeks and the scope of the bug bounty will be limited to the Connections.sol smart contract. The bug bounty will vary depending on the severity judged by the Indorse team. We are going to follow the OWASP model risk rating model based on Impact and Likelihood, as employed in the Ethereum bug bounty campaign.

OWASP model

Bounty payout is as follows:

Low: Up to 0.1 ETH

Medium: Up to 0.2 ETH

High: Up to 0.5 ETH

Critical: Up to 1 ETH

Bounty rules/guidelines

Bounties go to the first to report. Don’t steal or attempt to steal others’ funds. Don’t publicly disclose a bug before it has been fixed. Paid auditors of this code are not eligible for rewards. Issues that are mentioned in the security audits are not eligible. Non-security critical issues (style issues, gas optimizations) are not eligible. Determinations of eligibility, score and all terms related to an award are at the sole and final discretion of the Indorse team.

You can find the contracts on our Github repo and submit the bounty reports to bounty@indorse.io. Please put the subject line — “Indorse Connections Bug Bounty”

Happy hunting!!!

You can find more information about Indorse and the Indorse white paper at indorse.io