Electrum-Dime Client: Beta Release & Bounty Program

Dimecoin Network
6 min readMar 5, 2024

--

What is Electrum-Dime?

Electrum-Dime is a lightweight wallet that allows users to manage their dimecoins without downloading the full blockchain. It connects to external servers for blockchain information, providing fast and efficient access to transactions. Electrum-Dime clients offer a balance of security, convenience, and speed, making them suitable for everyday use while ensuring users’ private keys remain under their control.

As part of our commitment to delivering a secure and user-friendly experience with Electrum-Dime, we are excited to announce the launch of a bounty program that will accompany its release!

This initiative invites developers, security researchers, and enthusiastic users to participate in evaluating the software during its beta phase. We aim to identify and fix potential vulnerabilities before an alpha version is released to ensure Electrum-Dime is secure and reliable.

Participants can help contribute towards the project’s success by engaging with our platform and reporting issues. This program is a call to enhance the security and functionality of the Electrum-Dime client and an opportunity to foster collaboration within the Dimecoin community. We believe that together, we can achieve a higher standard of quality and security for everyone involved.

Beta Release

We are excited to announce the upcoming release of Electrum-Dime, set for March 20th. The application will be available across multiple platforms, including Windows, Linux, and Android, ensuring a wide range of users can benefit from our new lightweight client.

In our continuous effort to maintain transparency and security, we encourage users to verify the integrity of the downloaded software. Upon release, the app will be available to download directly from our official GitHub repository. To ensure you are using an authentic and untampered version of Electrum-Dime, we recommend comparing the GPG signature used to sign the download files outlined in the verification section below.

This release marks an update and a leap forward in providing an efficient and user-friendly experience when using Dimecoin. Stay tuned for the release on March 20th. Your support and participation in our beta release are invaluable to us. We look forward to continuing to build and improve based on received feedback.

Verification

To ensure the integrity and authenticity of the files you download from our GitHub repository, follow these steps to verify them using GPG (GNU Privacy Guard).

Steps to Verify with GPG

  1. Import the Public Key
  • Before verifying the file’s signature, you need to import Douglas ‘Dhop14’ Hopping’s public GPG key that was used to sign the file.
  • Retrieve and import the key from a public key server using the fingerprint A3E6 459E 3707 BC46 849A C0AA 964D A787 DBC8 3054
    Remove spaces from the fingerprint and use the following command:
gpg - keyserver hkp://pgp.mit.edu:80 - recv-keys "A3E6 459E 3707 BC46 849A C0AA 964D A787 DBC8 3054"

2. Download the File and Its Signature

  • Download both the system file and its corresponding GPG signature file (ending with.asc) from the links provided in the table on the GitHub release page.

3. Verify the Signature

  • To verify the signature of the downloaded file, use the following command. Replace your-file and your-file.asc with the actual names of the downloaded files:
gpg - verify your-file.asc your-file
  • If the signature is authentic and valid, GPG will confirm that the signature is good.

Verification Troubleshooting

  • Signature Not Trusted: If you receive a message that the signature is not trusted, it might mean that the public key is not trusted in your GPG keyring. This does not necessarily indicate a problem with the signature as long as the key is correct and belongs to the expected signer.
  • Verification Failure: If verification fails, it could mean the file has been tampered with or corrupted during transit. Try re-downloading the file from GitHub.

For more detailed instructions on using GPG, visit the GNU Privacy Guard documentation. If you have any issues with verification, please reach out to our development team on Telegram or via Email.

Note: Always ensure that you have the correct and trusted public key for verification. The public key can be obtained from the project maintainers or from a trusted key server (example provided above).

Bounty Program Details

Objective:
To incentivize the discovery and reporting of bugs in the Electrum-Dime clients on Windows, Linux, and Android so we can enhance the overall security and user experience of using the application.

Scope

  • Bugs and vulnerabilities in the Electrum-Dime client software for Windows, Linux, and Android versions.
  • Issues must be previously unreported and unknown to the Dimecoin development team.
  • Security vulnerabilities, functional bugs, and critical performance issues.

Out of Scope

  • Issues in third-party libraries or dependencies not directly maintained by Dimecoin Developers, unless they directly affect the Electrum-Dime client.
  • Website, translations, or documentation errors.
  • Issues that have already been submitted by another user or are already known to the project team.

Rewards

Rewards will be determined based on the severity and impact of the issue reported.

Severity will be assessed according to the Common Vulnerability Scoring System (CVSS 3.0):

  • Critical: Up to 15,000,000 in DIME
  • High: Up to 5,000,000 in DIME
  • Medium: Up to 1,000,000 in DIME
  • Low: Up to 500,000 in DIME

Reward amounts listed above are for example only. The final reward amounts for each tier will be decided by the Dimecoin team and may vary based on the issue’s complexity, impact, and the quality of the report. Official reward details will be published upon the release of the beta software. To learn more about CVSS click here:

Bounty Tiers

Reported Vulnerability
Standard bounty rewards for reported vulnerabilities that are validated by our team as noted above. The severity of the issue will determine the reward amount within our predefined ranges.

Reported Vulnerability with Solution
For participants who not only report a vulnerability but also provide a viable solution, the reward will be increased as a recognition of their extra effort. This bounty encourages a proactive approach to problem-solving and significantly accelerates the resolution process.

  • Low Level Issue: Standard reward + 40% bonus
  • Medium Level Issue: Standard reward + 60% bonus
  • High Level Issue: Standard reward + 85% bonus
  • Critical Issue: Standard reward + 110% bonus

Guidelines for Solution Submission

Code Quality
Submitted solutions should follow best coding practices, including readability, efficiency, and maintainability. Solutions should be submitted as pull requests to the relevant GitHub repository with detailed comments and documentation where necessary.

Testing
Solutions must include tests that demonstrate the issue’s resolution without introducing new vulnerabilities or affecting existing functionalities negatively.

Compatibility
Solutions should not compromise the software’s compatibility across supported platforms (Windows, Linux, Android).

By implementing this tiered approach, we aim to create a collaborative and solution-oriented community around Dimecoin.

Contributors who go the extra mile by providing not just valuable feedback but also actionable solutions play a crucial role in enhancing the software’s security and functionality.

How to Report
Participants are encouraged to report issues via GitHub to keep track of the discussions and resolutions transparently.

For sensitive or security-critical issues, please use our dedicated security email: developer@dimecoin.com to report directly to our development team.

Reports should include:

  • A clear and concise description of the issue.
  • Steps to reproduce the issue or proof of concept.
  • Any relevant screenshots or logs.
  • Suggestions for possible solutions or mitigations, if any.

Terms and Conditions
Participants must not exploit any critical vulnerability or issue nor disclose it publicly before it has been fixed.

Participants are responsible for complying with local laws and regulations.

The Dimecoin team reserves the right to decide if the reported issue qualifies for a reward and to determine the reward amount.

Duplicate reports will not be rewarded — the bounty goes to the first person to report the issue.

Dimecoin Developers are not eligible for rewards.

Privacy and Permission
By submitting a bug report, participants grant Dimecoin Developers permission to use, disclose, reproduce, distribute, and otherwise exploit the submission without restriction.

Personal information collected during the submission process will be used only for the purposes of the bounty program and will not be disclosed without the reporter’s consent, except as required by law.

This program is intended to foster collaboration and improve the Electrum-Dime client while rewarding the community’s effort and contributions. We look forward to your participation and thank you for helping make Dimecoin safer and more reliable.

Closing Thoughts

We encourage everyone to participate, whether by reporting issues, suggesting improvements, or simply spreading the word. Your contributions will help shape the future of Dimecoin, making it safer and more accessible for everyone.

Thank you for your continued support and participation. Together, we can achieve great things and continue to build a secure network while growing the Dimecoin community. The release will be accompanied by an official release announcement, so stay tuned!

Important Links

Web: https://www.dimecoinnetwork.com
X: https://twitter.com/Dimecoin
Telegram: t.me/Dimecoin
Discord: discord.gg/JqcKF4v
GitHub: https://github.com/dime-coin

--

--

Dimecoin Network
Dimecoin Network

No responses yet