BlockBounty
Decentralized bug bounty platform where findings are encrypted until XRP is locked in XRPL escrow. No middleman, no trust required. Hunters get paid in seconds, anywhere.
Project Information
Description
BlockBounty is a decentralized bug bounty platform built on the XRP Ledger. It solves the two core trust problems in bug bounties: hunters risk submitting findings and never getting paid, and organizations risk paying for worthless reports.
Key features
- Two-step reveal: encrypt first, escrow second, reveal third
- XRPL native escrow with crypto-conditions (RFC 5280 compliant)
- Reputation scores computed from submission history
- Severity-based payout grid with auto-depleting budget pools
- 24h auto-release timeout protecting hunters from unresponsive orgs
- Stateless auth via XRPL keypair signature verification
Technical Details
Monorepo with Express, better-sqlite3 backend and Vite, React 19 frontend.
Backend: App factory pattern with neverthrow Result types. Stateless HMAC challenge auth with XRPL signature verification (deriveAddress and verifyKeypairSignature). Crypto-conditions use SHA-256 preimage pairs encoded in ASN.1 DER for XRPL EscrowCreate compatibility. Fulfillment keys encrypted at rest with AES-256-GCM. Lazy auto-complete check on every GET ensures 24h timeout enforcement.
Frontend: React Router SPA with role-based UX (Organization/Hunter). Client-side AES-256-GCM encryption via Web Crypto API. Wallet integration via xrpl-connect with GemWallet adapter. 3-step wizard for program creation. Pure CSS with design tokens.
XRPL integration: EscrowCreate with crypto-conditions, EscrowFinish with fulfillment. Native XRP only (protocol limitation). Testnet deployment.
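The SHA-256 preimage pair described above, as an added example for Node.js (not BlockBounty's own code; all function names are hypothetical). It builds the DER-encoded PREIMAGE-SHA-256 condition that goes into EscrowCreate and the fulfillment that goes into EscrowFinish, and checks locally that a fulfillment matches a condition.

```javascript
const crypto = require("node:crypto");
// DER length octets: short form below 128, long form (0x81 / 0x82) above.
function derLen(n) {
  if (n < 0x80) return Buffer.from([n]);
  return n < 0x100 ? Buffer.from([0x81, n]) : Buffer.from([0x82, n >> 8, n & 0xff]);
}
const tlv = (tag, value) => Buffer.concat([Buffer.from([tag]), derLen(value.length), value]);
// Minimal DER INTEGER content for the cost field (leading 0x00 keeps it positive).
function derUint(n) {
  const out = [];
  do { out.unshift(n & 0xff); n = Math.floor(n / 256); } while (n > 0);
  if (out[0] & 0x80) out.unshift(0);
  return Buffer.from(out);
}

// Fulfillment = [0] { [0] preimage }: the secret that EscrowFinish reveals.
const encodeFulfillment = (preimage) => tlv(0xa0, tlv(0x80, preimage));
// Condition = [0] { [0] SHA-256(preimage), [1] cost }, cost = preimage length.
function encodeCondition(preimage) {
  const fingerprint = crypto.createHash("sha256").update(preimage).digest();
  return tlv(0xa0, Buffer.concat([tlv(0x80, fingerprint), tlv(0x81, derUint(preimage.length))]));
}

// Strip one TLV wrapper; returns null on wrong tag or on trailing/missing bytes.
function readTlv(buf, tag) {
  if (buf.length < 2 || buf[0] !== tag) return null;
  let len = buf[1], off = 2;
  if (len & 0x80) {
    const n = len & 0x7f;
    if (n < 1 || n > 2 || buf.length < 2 + n) return null;
    len = buf.readUIntBE(2, n); off += n;
  }
  return buf.length === off + len ? buf.subarray(off) : null;
}

// Local pre-check before submitting EscrowFinish: does this fulfillment match?
function fulfills(fulfillmentHex, conditionHex) {
  const inner = readTlv(Buffer.from(fulfillmentHex, "hex"), 0xa0);
  const preimage = inner && readTlv(inner, 0x80);
  if (!preimage) return false;
  const expected = encodeCondition(preimage), given = Buffer.from(conditionHex, "hex");
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Fresh pair for a new escrow; hex is upper-cased as XRPL tooling usually shows it.
function newEscrowPair(preimage = crypto.randomBytes(32)) {
  const hex = (b) => b.toString("hex").toUpperCase();
  return { condition: hex(encodeCondition(preimage)), fulfillment: hex(encodeFulfillment(preimage)) };
}
```

Anyone who holds the fulfillment can finish the escrow, which is why the page's design keeps it encrypted at rest until release.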
Team
2
Thomas Marignan
XRPL User
Hackathon
HACK THE BLOCK 2026 Paris Blockchain Week XRPL Hackathon
Duration
Apr 11, 6:30 AM - Apr 12, 6:00 PM UTC