Welcome to the Stellar Security Scanner project! This guide will help you get started as a contributor and understand how to participate in our community and funding program.
- Discord: Join our Discord server
- Introduce Yourself: Post in `#introductions` channel
- Get Verified: Complete the contributor verification process
```bash
# Clone the repository
git clone https://github.com/your-org/stellar-security-scanner.git
cd stellar-security-scanner
# Install Rust (if not already installed)
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
# Build the project
cargo build
# Run tests to verify setup
cargo test
# Install development tools
cargo install cargo-watch cargo-tarpaulin cargo-audit
```

- Security researchers and auditors
- People interested in smart contract vulnerabilities
- Those with experience in blockchain security
- Learn Stellar/Soroban Basics
  - Stellar Documentation
  - Soroban Documentation
  - Review example contracts in `examples/` directory
- Study Existing Vulnerabilities
  - Read vulnerabilities.rs
  - Review SECURITY_RESEARCH.md
  - Study known attack patterns
- Practice with Examples
  - Analyze `examples/vulnerable_contract.rs`
  - Try to identify issues manually
  - Compare with scanner results
- Add a new vulnerability pattern
- Improve existing detection logic
- Create test cases for edge cases
- Document attack vectors
- Understanding of smart contract security
- Knowledge of Rust and Soroban
- Analytical thinking
- Attention to detail
- Learning Phase: 1-2 weeks
- First Contribution: 2-4 weeks
- Independent Research: 1-2 months
- Simple Patterns: 200 USDC
- Complex Vulnerabilities: 350-500 USDC
- Novel Discoveries: Up to 1,000 USDC (with bonus)
- Rust developers
- Software engineers interested in security tools
- People who like building and improving tools
- Understand the Codebase
  - Read lib.rs for project structure
  - Study scanners.rs for core logic
  - Review analysis.rs for result processing
- Run the Scanner

  ```bash
  # Scan example contracts
  cargo run -- security --path examples/
  # Generate HTML report
  cargo run -- scan --format html --output report.html
  # List available checks
  cargo run -- list-checks
  ```

- Study the Architecture
  - Vulnerability detection engine
  - Invariant checking system
  - Reporting and analysis
  - Configuration management
- Fix a reported bug
- Add a new output format
- Improve performance
- Add CLI options
- Enhance error messages
- Rust programming experience
- Understanding of parsers/AST
- CLI application development
- Testing and debugging
- Codebase Understanding: 1-2 weeks
- First Bug Fix: 1-2 weeks
- First Feature: 2-4 weeks
- Complex Features: 1-2 months
- Bug Fixes: 50-400 USDC
- Small Features: 100-200 USDC
- Major Features: 200-300 USDC
- Architecture Changes: 300-500 USDC
- Technical writers
- Educators and teachers
- People who enjoy explaining complex topics
- Those with good communication skills
- Understand the Project
  - Read the README.md
  - Study the PROJECT_ROADMAP.md
  - Review existing documentation
- Identify Gaps
  - What's confusing for new users?
  - What questions are asked frequently?
  - What examples would be helpful?
- Learn the Tools
  - Markdown formatting
  - Code example creation
  - Diagram creation tools
  - Documentation best practices
- Improve the README
- Add tutorials for specific features
- Create troubleshooting guides
- Write "how-to" articles
- Add more examples
- Technical writing ability
- Clear communication
- Understanding of user needs
- Attention to detail
- Project Understanding: 1 week
- First Documentation: 1-2 weeks
- Comprehensive Guides: 2-4 weeks
- Tutorial Series: 1-2 months
- Small Updates: 50 USDC
- Tutorials: 100 USDC
- Comprehensive Guides: 150 USDC
- Documentation Overhauls: 200-300 USDC
- Detail-oriented developers
- People who enjoy debugging
- Those who like solving puzzles
- Contributors with varying experience levels
- Find a Bug
  - Browse open issues
  - Look for `bug` or `good-first-issue` labels
  - Try reproducing reported issues
- Understand the Problem
  - Read the bug report carefully
  - Reproduce the issue locally
  - Identify the root cause
- Develop a Fix
  - Create a minimal reproduction
  - Implement a solution
  - Write tests to verify the fix
- Fix simple typos or formatting
- Resolve easy bugs
- Improve error messages
- Add missing error handling
- Basic Rust knowledge
- Debugging skills
- Problem-solving ability
- Attention to detail
- Bug Understanding: 1-3 days
- Fix Implementation: 1-5 days
- Testing & Refinement: 1-3 days
- Critical Bugs: 400 USDC
- High Priority: 250 USDC
- Medium Priority: 150 USDC
- Low Priority: 50 USDC
```bash
# Browse available issues
gh issue list --label "help wanted"
# Filter by your interests
gh issue list --label "documentation"
gh issue list --label "good-first-issue"
```

- Comment on the issue: "I'd like to work on this"
- Wait for maintainer assignment
- Ask questions if anything is unclear
```bash
git checkout -b feat/your-feature-name
# or
git checkout -b fix/issue-number-description
```

```bash
# Watch for changes and run tests
cargo watch -x test
# Check code coverage
cargo tarpaulin --out Html
# Format code
cargo fmt
# Run lints
cargo clippy -- -D warnings
```

```bash
git push origin feat/your-feature-name
gh pr create --title "Brief description" --body "Detailed description"
```

- Complete your first contribution (unpaid)
- Understand the project well
- Join community discussions
- Read the Funding Guidelines
- Create a Detailed Issue
  - Use appropriate template
  - Provide clear description
  - Include work estimate
  - Specify funding amount
- Apply on Drips Network
  - Navigate to project page
  - Submit funding application
  - Link to GitHub issue
  - Provide additional details
- Wait for Approval
  - Community review period
  - Maintainer assessment
  - Funding confirmation
- Be Realistic: Don't underestimate complexity
- Include Testing: Account for test writing time
- Consider Review: Include code review time
- Buffer Time: Add 20% for unexpected issues
- 🥉 Bronze (0-500 USDC): Basic recognition
- 🥈 Silver (500-2,000 USDC): Voting rights
- 🥇 Gold (2,000-5,000 USDC): Mentorship opportunities
- 💎 Platinum (5,000+ USDC): Core team consideration
- Technical: Rust, security, performance
- Soft Skills: Communication, collaboration
- Leadership: Mentoring, project management
- Business: Product thinking, user experience
- Portfolio: High-profile open source work
- Network: Connect with security experts
- Reputation: Build your professional brand
- Opportunities: Job leads and partnerships
- Discord #help: Quick questions
- Discord #contributors: Project discussions
- GitHub Discussions: In-depth technical questions
- Maintainers: Complex issues and guidance
- Project Documentation: Comprehensive guides
- Rust Book: Learn Rust programming
- Stellar Docs: Understand the ecosystem
- Security Resources: Learn about vulnerabilities
- Pair Programming: Work with experienced contributors
- Code Reviews: Get feedback on your work
- Career Guidance: Advice from industry professionals
- Skill Development: Personalized learning plans
- Start Small: Begin with well-defined tasks
- Ask Questions: Don't hesitate to seek help
- Learn Continuously: Invest in your skills
- Be Patient: Quality takes time
- Engage: Participate in community discussions
- Mentor Others: Help newcomers succeed
- Lead Projects: Take initiative on complex tasks
- Share Knowledge: Document your learnings
- Innovate: Bring new ideas and approaches
- Collaborate: Work with others on big projects
- Quality First: Focus on high-quality work
- Communicate: Keep the community informed
- Respect: Value diverse perspectives
- Persist: Don't give up on challenges
- Celebrate: Acknowledge achievements
- Join Discord and introduce yourself
- Set Up Development Environment
- Choose Your Path based on your interests
- Make Your First Contribution
- Apply for Funding when you're ready
Welcome to the Stellar Security Scanner community! We're excited to have you with us. 🚀