My day job involves mobile app penetration testing but I am very interested in the Blockchain space. While I do see the potential of smart contracts, and the ridiculous amount of money that has been made on DeFi, I am hesitant to put my own money into it because of how many bugs I see in mobile apps that are on app stores now.
The thought of putting money into un-audited code gives me shivers ... I would love to see a decentralized bug bounty platform (similar to HackerOne or BugCrowd) with a focus on smart contract audits.
The nature of smart contracts is that they are (mostly) open source - so a smart contract audit could take place entirely on GitHub as users could examine code and make Pull Requests (PR) to fix it before it is deployed to MainNet. But in order to get more eyeballs on these smart contracts there will need to be an incentive for auditors.
My hope is this project is the beginning of building a decentralized bug bounty platform for smart contracts (powered by ChainLink Oracles).
What it does
The External Adapter I wrote takes the inputs for an associated GitHub Pull Request (PR Number, Owner, Repo) and then checks the GitHub API to see if that pull request has been merged. Per the GitHub documentation a merged pull request will return a 404 response and unmerged will return a 204 response (which I know is confusing).
The Smart Contract I wrote will communicate with a ChainLink Oracle running the External Adapter and allow users to register their PRs with the smart contract (so a Wallet Address becomes associated with a PR) and check whether or not the PR has been merged. If a PR has been merged then the associated Address will gain 5 PAW tokens (custom ERC-20).
The Front-End that my friend/teammate Jake built ties the External Adapter and Smart Contract together by using web3.js to give the user an easy-to-use UI.
How I built it
Honestly I built this by reading tutorials and tweaking the sample code in them.
To get the EA operational I had to ask for help in the Discord server and found someone that was nice enough to host the EA on a node on the Kovan network.
The Smart Contract involved a lot of trial and error and redeploying contracts on Remix.
The web3.js was frustrating because I didn't learn how to test locally so I had to push up to GitHub every time I wanted to see a change in how the frontend worked.
Challenges I ran into
The main challenge with the EA was the fact that out of the box the ChainLink client will ignore a 404 response... but unfortunately for me I needed to see the 404 because that is how I know something was merged. So I had to make some tweaks to the code.
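The merge check and the 404 handling described above, as an added example that is not the project's adapter code. GitHub's REST reference for "Check if a pull request has been merged" lists 204 for merged and 404 for not merged, and the code follows that documented mapping; the function names and the reply shape (modeled on the Chainlink external adapter template) are assumptions.

```javascript
// Added example. Function names and the response shape are assumptions
// (shape modeled on the Chainlink external adapter template), not MonkeyPaw code.

// Strict allow-lists so user-supplied values cannot alter the request path.
const OWNER_RE = /^[A-Za-z0-9][A-Za-z0-9-]{0,38}$/;
const REPO_RE = /^[A-Za-z0-9._-]{1,100}$/;
const PR_RE = /^[1-9][0-9]{0,9}$/;

function buildMergeCheckUrl(owner, repo, prNumber) {
  if (typeof owner !== 'string' || !OWNER_RE.test(owner)) throw new Error('invalid owner');
  if (typeof repo !== 'string' || !REPO_RE.test(repo) || repo === '.' || repo === '..') {
    throw new Error('invalid repo');
  }
  if (!PR_RE.test(String(prNumber))) throw new Error('invalid PR number');
  return `https://api.github.com/repos/${owner}/${repo}/pulls/${prNumber}/merge`;
}

// Map the HTTP status of the merge-check call to a decision.
// 204: merged. 404: not merged, but also returned when the repo or PR does not
// exist or is not visible, so it can only ever mean "no payout".
// Anything else (403 rate limit, 5xx, redirects) is an error, never a default.
function interpretMergeStatus(status) {
  if (status === 204) return { ok: true, merged: true };
  if (status === 404) return { ok: true, merged: false };
  return { ok: false, error: `unexpected GitHub status ${status}` };
}

// Build the adapter's reply for a job run. An errored reply carries no result,
// so the contract has nothing to act on.
function adapterResult(jobRunID, status) {
  const decision = interpretMergeStatus(status);
  if (!decision.ok) {
    return { jobRunID, status: 'errored', error: decision.error, statusCode: 500 };
  }
  return { jobRunID, data: { result: decision.merged }, result: decision.merged, statusCode: 200 };
}

// Constructed sample statuses, standing in for live API responses.
for (const s of [204, 404, 403]) {
  console.log(s, JSON.stringify(adapterResult('1', s)));
}
```

If the HTTP client is axios, a `validateStatus` callback that accepts 204 and 404 lets the 404 reach this mapping instead of being thrown as an error.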
I am new to smart contract development so I struggled with the basics here. Figuring out the mapping was quite difficult and could be done much better.
Web3 just has a lack of documentation (or conflicting documentation), so it was just painful in general.
Accomplishments that I'm proud of
I am proud that I was able to get everything working that I wanted to by the end of this Hackathon.
I haven't built a full project like this since my coding bootcamp in 2017 so I am very rusty on some basics of development - but I was still able to get a working proof of concept even though I was using brand new technologies and a language I just started learning last month (Solidity).
What I learned
I learned the hard way that I really need to learn how to set up Truffle and test things locally. This project I basically just kept deploying new test contracts to see if my concepts worked... very painful.
I also learned a TON about the Ethereum network and how to interact with it. This was also my first exposure to ChainLink so I was glad I had a chance to build an External Adapter because I have a bunch of ideas I'd like to build out as well.
What's next for MonkeyPaw - Platform to Incentivize Open Source Contribution
So the first thing would be resolving the security issues I have with the smart contract (there are a lot :) ). Because I just wanted to get a proof of concept I took a bunch of shortcuts that have real implications (i.e. public functions that should not be public).
Next I would like to improve the contract to allow more functionality (i.e. the PAW tokens could be used as governance tokens and holders could upvote issues or PRs).
Then I would like to build out a better UI using React or something similar.