curtisblaine 6 hours ago

Bots are using real tokens for this. So, ultimate honeypot idea: post heavily commented skeleton code in a github repo, promise a generous money reward for closing issues and never pay anyone. See the bots swarm and burn their tokens to write code for you.

mackeye 6 hours ago | parent | next [-]

:D https://github.com/UnsafeLabs/Bounty-Hunters

nottorp 4 hours ago | parent | next [-]

Is there a description of this project on any other site? They clearly can't post that it's bot bait on the git repo, and maybe not on the leaderboards site because it's linked from the repo.

But there must be some announcement about the project somewhere? I'd like to get that to pass it around.

toraway 33 minutes ago | parent [-]

The disclosure about being a honeypot is in the CONTRIBUTING.md:

  Warning

  Heads up: This is a research project — bounties listed here are symbolic and part of an academic study on open-source contribution patterns. PRs are reviewed for research purposes only and will not be merged into production. If you're looking for paid bounty work, this is not the right repo.

Which makes it slightly surprising those bots with system prompts to find "high value bug bounty targets" or similar aren't deterred by that when they pull the repo.

I guess a sort of task blindness where once they've gone as far as to git clone they've already switched gears from searching Github for qualifying bounties into a find bug->fix bug->open slop PR mindset to close the loop and end the turn? By that point an incidental warning they ingest in passing while looking for the Solana contract vulnerability they already committed to working on in a comment might not even register as relevant to the current task at hand.

5 hours ago | parent | prev [-]
[deleted]
charcircuit 4 hours ago | parent | prev | next [-]

Not paying people is not a "prank." You can be taken to court and forced to pay for their services rendered.

An ultimate honeypot would not give the creator so much financial liability for passing out "generous" rewards.

dakolli 6 hours ago | parent | prev [-]

[flagged]

3628637282 5 hours ago | parent [-]

[flagged]