Decentralized Security Bounty Management on Blockchain and IPFS

Document Type

Conference Proceeding

Publication Date


Publication Title

2020 10th Annual Computing and Communication Workshop and Conference (CCWC)


Institute of Electronics and Electrical Engineers

Publisher Location

Las Vegas, NV

First page number:


Last page number:



The rise of decentralized applications (DApps) have received great attention over the recent years due to the surge of attention towards blockchain technologies. Motivated by these recent disruptions, this paper introduces a blockchain based bug bounty program named Bountychain. This DApp utilizes an Ethereum based smart contract system and an interplanetary file system (IPFS) storage paradigm intended to be used by companies, industries, and testers. The smart contract model provides a safe, secure, and transparent platform for a bug bounty program. Testers will submit bugs via the blockchain, and companies will accept or reject the defect via the blockchain. Thus, testers will automatically get paid via the in-built smart contract system on a web interface, which will allow the tester to gain recognition and status no matter which company's bugs they find. The transactions on the chain will serve as a persistent and transparent record of software bugs, and IPFS will serve as a long-term storage system for bug details.


Blockchain; IPFS; Ethereum; Smart Contract; Bug Bounty Program; Cyber Vulnerability Market


Computer Sciences



UNLV article access