issuETH - the GitHub app for issue bounties

on
2 minute read

Motivation

I really liked the idea of commiteth and wanted to use it for WALLETH and other projects - but had a problem with the permission model of commiteth.

I am not brave enough to give a 3rd party these permissions to my Github account. Unfortunately fixing this is not a simple change to this project that I could just fix via a PR. The fix is to use github-apps and not the old oauth-flow. You can get more details about this problem in a video of the recent GitHub Satellite 2017

issuETH

I figured to get faster to where I wanted to go: it is better to create a project from scratch. So issuETH was born. As it is a github-app - you can easily enable it for your projects. To install it please go to https://github.com/apps/issuETH

It requires very little permissions:

Basically you just interact with this bot via issues. If you attach a label with the text “bounty” to any issue on some repository that has issuETH enabled: then issuETH will generate a keypair and comment on the issue with an ERC-67 QR-Code.

You can then use this QR-Code to add value to this account - e.g. with WALLETH. This does not have to be Ether - this could (and perhaps should) better be tokens. E.g. your project tokens. They don’t even need monetary value - you could just us them for voting. IssuETH is also showing you transactions for this account:

The token-definitions are from: https://github.com/MyEtherWallet/ethereum-lists

The crux

Now the crux: how to get the value to the beneficiary. I do not want or can pay the transaction fees for all projects that use this app. Also it is not trivial to always be sure to transfer all possible value from different networks with different tokens.

So what issuETH is doing for now is to hand over the private key to the account that was created by issuETH for this issue to the current assigned user at the point of closing the issue. As I found no way to contact the user with the github API (perhaps this is a good thing :) the solution is to encrypt the private key with the PGP key of the user and answer publicly on the issue.

Sure this is more hands-on than one would like - but I think it is perfectly fine for the MVP. Ideally in the future we can do magic here with smart-contracts and oracles.

Currently you only get notifications for the Rinkeby network. The geth node to serve the chain-watcher is still syncing. But once this is finished it will also serve WALLETH for the fcm-push option (this was also only active for Rinkeby for now).

I would be happy about feedback. Please try it out (not yet with huge amounts please). If you find issues please let me know.

You can find the source-code here. This project also has some enhancement issues open with issuETH bounties attached for dogfooding,PoC and inception.