Most bug bounty programs work like this: find a vulnerability, write a report, wait 3 months, argue about severity, maybe get paid in fiat after signing an NDA. The payout has no connection to the infrastructure you used to find the bug. A researcher running Burp Suite on a $3,000 MacBook Pro gets the same reward as someone who reverse-engineered the protocol on a 2002 PowerBook G4.

RustChain's bounty system works differently. Bounties are GitHub issues denominated in RTC tokens. Security researchers get paid from a community fund with a transparent cap. And if you happen to mine RTC on vintage hardware while you're researching -- your PowerBook G4 earns 2.5x what a modern laptop earns. This is not a metaphor. We literally pay more for older computers.

Every bounty is a GitHub issue on Scottcjn/rustchain-bounties. The issue title describes the target. The body specifies the reward in RTC. The label tracks status. When someone submits a valid finding, they get paid in RTC to their miner wallet. No portal. No signup. No intermediary taking 20%. Open a GitHub issue, read the scope, do the work, submit a PR or write-up, get tokens.

The reference rate is 1 RTC = $0.10 USD. So a 200 RTC bounty is a $20 bounty. That's modest by HackerOne standards -- but the bounties are designed to be accessible to independent researchers, not to attract corporate red teams billing $500/hour. And the tokens appreciate if the network grows.

Right now there are 6 active security bounties totaling 900 RTC ($90 at reference rate):

| Bounty | Target | Reward | Difficulty |
| --- | --- | --- | --- |
| Ledger Integrity | Forge or tamper with transaction history | 200 RTC | Hard |
| Consensus Attacks | Break RIP-200 round-robin, forge attestations | 200 RTC | Hard |
| Epoch Settlement | Manipulate reward calculation or distribution | 150 RTC | Medium |
| Pending Transfers | Exploit the pending transfer queue | 150 RTC | Medium |
| API Auth | Bypass admin authentication or escalate privileges | 100 RTC | Medium |
| Ergo Anchor | Forge or replay Ergo blockchain anchors | | |