Review on KEY ID Bounty Activity and Announcing Nirvana Plan

Published in

MYKEY Lab

5 min readJan 14, 2020

MYKEY held the first KEY ID Bounty activity involving more than 50 developers in November 2019, 13 of them completed the well-designed tasks and received a total reward of $4000 worth of tokens. This activity shows the high skill of blockchain developers and makes users understand that MYKEY is only the implementer and integrator of the KEY ID protocol and has no motivation or ability to control users’ assets, it means that even if the MYKEY team disappears, their assets will still belong to themselves. This article will review the Bounty activity to see how developers overcame difficulties. Besides, we will be honored to announce that MYKEY Nirvana Plan is officially opened!

Activity Review

A developer named Joe won the final reward and also shared the technical details and the journey of participating in this activity. But Joe’s article is more technical, so MYKEY will neaten the clues for this activity and tell everyone in a more popular way how $4000 worth of tokens were transferred.

The bounty account of this activity was mykeyscounty and four clues were given to the memo transferred to this account. The account had $4000 worth of tokens for developers. The account transferred out $20 worth of tokens every hour until someone froze the account, and the person who froze their accounts would get the key transferred out. Let’s see what’s behind every clue.

Clue 1: Tools for Character Transformation

https://github.com/mykeylab/MnemonicTool

The first clue gives a tool that can convert recovery phrases to private keys. The recovery phrase is the administrative authority of the user that needs to be saved offline when enabling the account. At the same time, information about building trading tools and sample code are provided in this GitHub catalog.

Clue1 is mainly for developers to learn the conversion method of recovery phrase to private key and the transaction construction method of the KEY ID protocol. For a deeper understanding of the principle, you can read related documents of GitHub and BIP39 protocol.

Clue 2: Mysterious Recovery Code

Ask language rude digital glare thumb civil cousin urban trial lake second

The second clue gives the recovery phrase of 12 English words. According to the KEY ID protocol, the administrative authority cannot directly operate the asset. If you want to directly operate the asset, you need to replace the operation authority first, but it will take 7 days in the absence of an emergency contact. Once the recovery phrase is public, everyone can cancel the operation, so this path is impossible. According to the prompt, the account can be frozen so that the key cannot be decreased meanwhile the sooner you freeze, the fewer rewards you will receive. What will developers do?

Clue2 is mainly to guide developers to freeze accounts and understand that recovery phrases cannot directly operate assets.

Replay:

The account mapablesharp was the first one to freeze the account mykeysbounty and initiated a delay action to modify the operation authority. Then the account lichangdev11 initiated a delay action to unfreeze the account.

Clue 3: Is an Emergency Contact Useful?

https://gist.github.com/clar/18c01da77a8f6f1350e73ff4bf18863f

https://github.com/mykeylab/mykey-bounty-tool

The third clue gives some information about how the emergency contact can assist users to operate the account. Developers can see that the account mykeyscounty has an emergency contact bountybackup, if they can get his assistance, they will immediately replace the operation authority and receive the reward. But how to use the emergency contact?

Clue3 is mainly to guide developers to learn how to use an emergency contact to help users quickly replace the operation authority.

Replay:

The accounts such as gy2dgmztgqge, osbeyondeth, eostothelian, wangsanduoyu and so on had all successfully interacted with the MYKEY contract by referring to the sample scripts provided in the clue. However, these operations were delayed due to the lack of emergency contact assistance so that no one could receive the reward.

Clue 4: Regular Expression

https://github.com/mykeylab/mykey-bounty-tool; ^[a-z]{2}[0–9]{8}

The fourth clue gives the operation private key keystore of the account bountybackup and the regular expression of keystore password prompt with two minuscules and eight digits. The password is specially set to mk20190820, the date MYKEY officially launched.

Clue4 mainly gives the authority of emergency contact and tests the ability of developers to crack passwords.

Replay:
The account mapablesharp cracked the operation private key keystore to initiate the multisig proposal to successfully modify the operation authority of the account mykeyscountry and finally received the reward.

It’s worth mentioning that the account chuxinghuxin cracked the operation private key keystore and initiated a multisig proposal before the account mapablesharp, but he did not perform the proposal so that miss the reward.

Nirvana Plan

This activity attracted a large number of excellent developers so that the KEY ID ecosystem has become stronger. In order to further improve the robustness of the KEY ID protocol and ensure that users’ assets can still be easily transferred when MYKEY is not, MYKEY has opened the “Nirvana plan”, sought relevant tools from the developer community, and set up a large number of rewards. For more questions, please contact us: support@mykey.org

The requirements are as follows:

(1) Android or IOS version is required for this tool, including basic functions such as importing MYKEY account recovery code, reauthorizing and transferring. If more functions are available, there will be additional rewards.
(2) The tool needs to be open-source under the apache-2.0 protocol and will be exposed to https://mykey.org/.
(3) The current period of activity is always valid.
(4) After the end of the activity, the tool selection will be organized. Any developer who successfully submits the tool will receive a reward. Besides, one first prize, two second prizes and three third prizes will be selected to receive a $200, $100, $60 worth of tokens reward respectively. At the same time, the developers will get opportunities to communicate with the official members and participate in the Technology Salon and workshop organized by the official organization.

Finally, Welcome to read Joe’s article: (Chinese Link: https://bihu.com/article/1224254458 )

About Us

KEY GROUP ：https://keygroup.me/

MYKEY Web: https://mykey.org/

BIHU: https://bihu.com/people/1133973

Telegram: https://t.me/mykey_lab

Twitter: https://twitter.com/mykey_lab

Medium: https://medium.com/mykey-lab

Github: https://github.com/mykeylab

Slack: MYKEY LAB

Youtube: MYKEY Laboratory