We are solving the problems of traditional bug bounty platforms, where businesses have to trust third parties with sensitive data and whitehats have no guarantee of payment for their services.
Imagine reporting a bug to a bug bounty program and not getting paid for it! We solve this by using TLSNotary and the Lit protocol. Assume you have an SQL injection bug: we allow you to hide the secret sauce (the attack HTTP request) but reveal the HTTP response, which is cryptographically attested, so the affected business can verify your report cryptographically and understand the impact. For the payment part, we use the Lit protocol to encrypt the HTTP request/response so that it can only be decrypted by the business after a payment to an address, holding an NFT, etc. This guarantees payment if the business is interested in fixing the bug and removes problems such as whitehats not getting paid or third-party services stealing bug techniques/reports. It also removes the need for businesses to disclose sensitive information to third-party services.
We used TLSNotary to attest to the HTTP request and response and made the HTTP request configurable using a JSON schema; we also made it possible for the whitehat to hide the request headers, the request body, or both.
We also used the Lit protocol to encrypt the HTTP transcript with access control conditions such that only the affected business can decrypt the report, and it ensures the whitehat gets paid before the report can be decrypted.
This system aligns incentives for whitehats and businesses and creates a marketplace where bug reports can be priced correctly. As more whitehats and businesses use the platform, a business may choose to buy a whitehat's report that is cheaper than the very first report, thereby choosing its own risk threshold and incentivising whitehats to price reasonably.