Bounty xxB-2024-003: Haven Browser Extension Implementation
Overview
This bounty rewards developers for implementing a secure browser extension for Haven that moves sensitive data storage (including user identity secrets) out of localStorage into a more secure extension-based storage system. The implementation will modify existing Go libraries and create browser extensions for Firefox and Chrome.
Prize Pool
Total Prize: 1,250,000 xx (~$62,500 USD)
Breakdown:
- Milestone 1 - Go Library Modifications: 300,000 xx
- Must be completed before subsequent milestones
- Milestone 2 - Extension Interface Design: 200,000 xx
- Milestone 3 - Extension Implementation: 300,000 xx
- Milestone 4 - Haven Integration: 250,000 xx
- Milestone 5 - Store Publication: 200,000 xx
Requirements
Eligibility
- Participants must complete KYC verification
- Participants from OFAC-sanctioned countries are not eligible
- Multiple contributors may collaborate on submissions
- Existing xx network contractors are eligible, but must recuse themselves on bounty related decision making if they decide to participate.
Technical Requirements
- Milestone 1 - Go Library Modifications
- Extend xxdk-wasm library to support external KV stores
- Implement KV interface defined in collective/versioned/kv.go
- Add functions to pass in KV interface supporting objects
- Maintain compatibility with existing localStorage implementation
- Complete documentation and test coverage
- Milestone 2 - Extension Interface Design
- Research existing extension architectures (e.g., polkadotjs-extension)
- Define interface requirements for KV storage
- Document security considerations
- Create detailed technical specification
- Design extension architecture
- Define communication protocols
- Milestone 3 - Extension Implementation
- Implement extension for both Firefox and Chrome
- Secure storage implementation
- Background script functionality
- Content script integration
- Message passing system
- Error handling
- Security hardening
- Cross-browser compatibility
- Milestone 4 - Haven Integration
- Proof of concept integration with Haven
- Migration system from localStorage
- Fallback mechanism
- Performance optimization
- User experience improvements
- Integration testing
- Security audit
- Milestone 5 - Store Publication
- Extension packaging
- Store listing preparation
- Documentation for users
- Marketing materials
- Support documentation
- Publication to Chrome Web Store
- Publication to Firefox Add-ons
- Maintenance plan
Implementation Requirements
- Technology Stack:
- Go programming language
- xxDK and xxdk-wasm libraries
- Browser Extension APIs
- WebAssembly
- Modern JavaScript (ES6+)
- Security Requirements:
- Secure storage of sensitive data
- Protection against XSS attacks
- Protection against extension tampering
- Secure communication channels
- Data encryption at rest
- Access control mechanisms
Submission Requirements
- Source code must be:
- Open source (same license as xxDK)
- Submitted via merge request to appropriate repository
- Well-documented
- Passing all tests
- Following project coding standards
- Security audited
- Documentation must include:
- Technical specification
- Security analysis
- API reference
- Integration guide
- User guide
- Development guide
- Build/installation instructions
Judging Criteria
Submissions will be evaluated on:
- Completeness of implementation
- Security considerations and implementation
- Code quality and maintainability
- Documentation quality
- Test coverage
- Performance
- User experience
- Cross-browser compatibility
Timeline
- Submissions accepted until completed or program ends
- Reviews will occur within 2 weeks of submission
- Prizes paid within 30 days of approval
Payment Terms
- Prizes paid in XX tokens
- Multiple submissions may split prize pool
- Major awards (>50,000 XX) subject to 6-12 month linear vesting
- All payments subject to KYC approval
- Partial payments may be made at discretion
- Payments may be locked in a linear vesting schedule for up to 1 year
Contact
Submit questions and proposals through:
- Repository issues
- Developer forum
- Developer chat channels
Please respond in the forum if you are pursuing this bounty.
Legal
- xx network reserves right to modify bounty terms
- All submissions must comply with applicable laws
- Participants retain rights to submitted code under project license
- xx network not responsible for lost or invalid submissions