# Bounty Board

The **Bounty Board** is the public discovery layer of Tirai.

It allows project owners to post bug bounties tied to their protocols and receive applications from whitehat researchers — all without leaving the privacy guarantees of the underlying Cloak Shield Pool.

Each bounty represents a **public commitment**: the project will pay privately if a researcher delivers a valid solution.

## How a Bounty Is Posted

When creating a bounty, a project owner defines:

* **Title** — short description of the issue or scope
* **Description** — full vulnerability scope, acceptance criteria, eligibility
* **Reward Amount** — denominated in SOL or a supported SPL token
* **Deadline** — defines the time window for valid applications
* **Contact Channel** — how researchers reach the project (Telegram, Discord)

Once created:

* The bounty becomes **publicly discoverable** at `/bounties`
* Metadata is stored in Supabase with row-level security
* No funds are moved on-chain at this stage — funds are deposited only at payout time

## Application & Acceptance Flow

From the researcher's perspective:

1. Browse open bounties at `/bounties`
2. Click a bounty to see the full description
3. Apply by submitting a contact handle
4. Wait for the project to accept

From the project's perspective:

1. Review applications in their dashboard
2. Accept one researcher
3. The UI auto-redirects to `/pay` with the form pre-filled and locked

## Wallet-Based Authentication

The bounty board uses **wallet-signed authentication**:

* Sign in via one EIP-191-style message signature
* JWT issued by the Railway-hosted auth-server (valid 1 hour)
* No email, password, KYC, or PII collected

The same wallet acts as both project and researcher identity, with no role-switching required.
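
The checks a server makes for a wallet-signed login like the one described above, as an added example that is not Tirai's auth-server code: a single-use nonce, binding to the site and wallet, signature verification, then a one-hour JWT. Ed25519 wallet keys, the challenge text, HS256 tokens, the `bounty.example` origin and every function name are assumptions.

```javascript
// Added example, not Tirai's code. Assumptions: Ed25519 wallet keys, this
// challenge layout, HS256 tokens, and all names below.
const crypto = require('node:crypto');

const DOMAIN = 'bounty.example';            // placeholder origin bound into the challenge
const JWT_SECRET = crypto.randomBytes(32);  // constructed server-side signing secret
const TOKEN_TTL = 3600;                     // seconds; the page says "valid 1 hour"
const NONCE_TTL_MS = 5 * 60 * 1000;         // assumed challenge lifetime
const nonces = new Map();                   // nonce -> expiry in ms, single use

const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', JWT_SECRET).update(data).digest();
// Wallet id here is the base64url raw public key (real Solana addresses are base58).
const keyOf = (wallet) =>
  crypto.createPublicKey({ key: { kty: 'OKP', crv: 'Ed25519', x: wallet }, format: 'jwk' });

function newChallenge(wallet, now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString('hex');
  nonces.set(nonce, now + NONCE_TTL_MS);
  return `${DOMAIN} wants you to sign in\nWallet: ${wallet}\nNonce: ${nonce}`;
}

function verifyLogin(message, signature, wallet, now = Date.now()) {
  const m = /^(.+) wants you to sign in\nWallet: (.+)\nNonce: ([0-9a-f]{32})$/.exec(message);
  if (!m || m[1] !== DOMAIN || m[2] !== wallet) return null;  // other site or other wallet
  const expiry = nonces.get(m[3]);
  nonces.delete(m[3]);                                         // burn the nonce on any attempt
  if (expiry === undefined || expiry < now) return null;       // unknown, replayed or stale
  try {
    if (!crypto.verify(null, Buffer.from(message), keyOf(wallet), signature)) return null;
  } catch { return null; }                                     // malformed key or signature
  const iat = Math.floor(now / 1000);
  const body = `${b64u({ alg: 'HS256', typ: 'JWT' })}.${b64u({ sub: wallet, iat, exp: iat + TOKEN_TTL })}`;
  return `${body}.${mac(body).toString('base64url')}`;
}

function verifyJwt(token, nowSec = Math.floor(Date.now() / 1000)) {
  const [h, p, s] = String(token).split('.');
  const got = Buffer.from(s || '', 'base64url');
  const want = mac(`${h}.${p}`);                               // algorithm is fixed, header is not trusted
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  return claims.exp > nowSec ? claims : null;
}

// Constructed demo wallet standing in for a browser wallet extension.
const demoKeys = crypto.generateKeyPairSync('ed25519');
const demoWallet = demoKeys.publicKey.export({ format: 'jwk' }).x;
const demoSign = (msg) => crypto.sign(null, Buffer.from(msg), demoKeys.privateKey);
```

Because the nonce is deleted on the first attempt, a captured signature cannot be replayed, and the token's `exp` bounds how long a stolen JWT remains useful.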

## Why the Board Is Optional

The Bounty Board is **not required** for payments to work.

`/pay`, `/claim`, and `/audit` all function standalone:

* For private engagements coordinated off-platform
* For one-off whitehat rewards
* For internal team payouts

The board is a discovery and matching convenience, not a privacy primitive.


