Preface: This post will probably be ignored, but maybe one person will care.
After reading steve-walschot 's post, I became aware of the burden that exists on pen testers to reveal exploits.
Indeed, while they'd like to make money, they don't want to execute the hack lest they be criminally charged/shunned by their community.
So they face a dilemma:
1 Reveal the exploit by devs and make nothing and possibly be criminally charged
- Execute the hack and risk being criminally charged.
I've always recommended zero-day exploit markets to sell exploits with greater security than the other two.
Though, they don't serve well to detach you from the hack, and you may still be criminally liable for enabling the hack.
Solution:
DAO built on ZeroCoin blockchain - for anonymous, unrecordedtransactions.
Only thing recorded is time a transaction took place with no sender/receiver address.
DAO structure
Funding pool for trusted third party security companies which formally verify legitimacy of exploits for the DAO.
Why would they be trusted?
In the fiat world, security companies that leak information don't survive.
Ensure the security company signs a non-disclosure agreeement with the DAO.
Funding pool for lawyers to write up and enforce the honouring of non-disclosure agreements.
Funding pool for third party Marketing, for advertising either lawyer/security positions or for the general growth of the DAO.
Benchmark pay for DAO to hacker, with x% commission on short gains, paid out as soon as the hack has been successfully executed.
Embedded rating system for security company to judge quality of exploit.
Benchmark pay linked to this embedded rating system.
These exploit funds are managed (programmatically) to avoid a run on bank.
Built in intepreter/compiler with general interface to run code programmatically based on DAO voting.
DAO account created in an exchange which holds supply of crypto-stock to short.
The DAO can only interact with the exchange through APIs, triggered by yes/no votes in proposals.
Example Scenario
Assume lawyers, companies and marketers have already been appointed and have all signed relevant non-disclosures.
1. Steve finds a flaw in bitcoin wallets.
2. He sends it to the DAOs designated security company through a specified communication channel.
3. They verify that the exploit is legitimate, debug any source code, and provide in a format such that it can run on the DAO interface, and provide a 'yes' affirmation to the DAO.
4. Along with 'yes' affirmation company provides rating of the exploit.
5. DAO voters vote on releasing the funds based on the blockchain .
6. A 'yes' vote triggers the DAO to release benchmark funds in specific address through anonymous Zero coin blockchain to hacker.
7. This 'yes' vote (with a min quorum and a sufficient majority) opens up a code transfer medium that interacts with DAO interface to run the code, which is provided and formatted by the security company.
8. The amount to be shorted (i.e. it's equivalent in crypto-stock) is a function of the rating system, and accounting for the DAO to remain solvent, all programmatically derived.
9.This 'yes' vote interacts with the exchange API to short the equivalent of the derived amount of DAO funds in the crypto-stock .
10. After a successful hack and a successful short within a specified time frame, 20% ( or arbitrary numbr) commission on profit goes to the hacker.
- After a successful hack and an unsuccessful short within a specified time frame, there must be some loss mitigating built in algorithm which is triggered.
- After an unsuccessful hack and a successful short within a specified time frame, hacker receives no commission.
- After an unsuccessful hack and a successful short within a specified time frame, there must be some loss mitigating built in algorithm which is triggered.
#money #investments #investment #technology #cryptocurrency #anarchism #steemit
I hope someone is translate this post at russian. Interesting information, but i can get details.
If you tell me which parts you struggle with, I can try my best to help you!
No
yes