$200 to the first person who can produce a valid Authority Receipt that passes our verify endpoint — without using the approval UI.
The target:
permission-protocol/pp-demo#32
The source code:
What counts:
- Forge a receipt that passes signature verification
- Replay an existing receipt against a different action
- Find a flaw in the Ed25519 signing/verification flow
What doesn't count:
- Spoofing a GitHub commit status with repo write access
- Social engineering
- Attacking infrastructure (this is a crypto challenge, not a pentest)
How to claim:
Open an issue with the exploit, or DM @rodchalski.
Payment: PayPal or Venmo, within 24 hours of verified bypass.
$200 to the first person who can produce a valid Authority Receipt that passes our verify endpoint — without using the approval UI.
The target:
permission-protocol/pp-demo#32
The source code:
What counts:
What doesn't count:
How to claim:
Open an issue with the exploit, or DM @rodchalski.
Payment: PayPal or Venmo, within 24 hours of verified bypass.