Sync #44
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -8,5 +8,6 @@ lib/core/MetadataBlog.js
website/translated_docs
website/build/
website/yarn.lock
website/yarn-error.log
website/node_modules
website/i18n/*
Binary file added .package.json.swp
Binary file not shown.
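Review bot: `.package.json.swp` is a Vim swap file and should not be committed; drop it from this PR and add `*.swp` to `.gitignore` (which this PR already touches) so it cannot come back in a later sync.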
77 changes: 77 additions & 0 deletions docs/contribute/bug-bounty.md
@@ -0,0 +1,77 @@
---
id: bug-bounty
sidebar_label: Bug Bounty
title: 1Hive Bug Bounty
---

A bug bounty for 1Hive apps is now live. We intend for hackers to look for smart contract vulnerabilities in our system that can lead to a loss of funds, locked DAOs, or a degraded user experience.

## Rewards

Vulnerability reports will be scored using the [CVSS v3](https://www.first.org/cvss/) standard. The reward amounts for different types of vulnerabilities are:

| Severity | CVSS | Bounty |
| :----: | :----: | :----: |
| Critical | CVSS 9.0 - 10.0 | 500 - 5000 |
| Major | CVSS 7.0 - 8.9 | 250 - 500 |
| Medium | CVSS 4.0 - 6.9 | 100 - 250 |
| Low | CVSS 1.0 - 3.9 | 50 - 100 |

Rewards will be awarded at the sole discretion of the [1Hive BEEs](https://rinkeby.aragon.org/#/0xe520428C232F6Da6f694b121181f907931fD2211/0x3c16dc46b84a6647f8375235ca88dad2c27edb8b). Quality of the report and reproduction instructions can impact the reward. Rewards will be paid out in HONEY.

For this initial bug bounty program, there is a **maximum bounty pool of TBD**.

The bug bounty program is ongoing.

## Reporting

Please responsibly disclose any findings to the development team. The best way to reach us immediately is on the `#dev` channel of our [Keybase chat](https://1hive.org/contribute/keybase). Simply say that you found a potential vulnerability and would like to discuss it with the dev team. We will then reach out to discuss details in private.

> DO NOT post the exploit directly to the #dev channel!

If your discovery qualifies for the bug bounty we will work with you to get it patched and issue your reward within 24hrs of initiating the patch. We will then give you credit (assuming you want that) by creating a blog post detailing the vulnerability, how we fixed it, and how you helped.

Failure to follow this reporting protocol will result in a finding being ineligible for any bounties.

## Scope

In scope for the bug bounty are all the smart contract components of the 1Hive apps. These can be found in the following repositories:

### [Redemptions](https://github.com/1Hive/redemptions-app/tree/master/contracts)

All solidity code in the `contracts` directory is eligible for the bug bounty, with a few exceptions:
- excluding `contracts/lib/`
- excluding `contracts/misc/`
- excluding `contracts/test/`

This includes the current as well as [future patch versions](https://github.com/1hive/redemptions-app/releases).

## Out of scope

What we consider out of scope for this bug bounty
- Side-effects of properly authenticated smart contract upgrades or contract upgrades that change the storage layout of a contract.
- Revocation of permissions or completely changing how a DAO operates due to important permission being granted through the proper processes.
- Any frontend applications or client-side code interacting with the contracts, as well as testing code.
- Mismatch of the functionality of the contracts and outdated spec documents.

## Areas of interest

These are some examples of vulnerabilities that would be interesting
- Bypassing ACL rules to get unauthorized access to an app.
- A user of an app performing an action that could freeze or lock the contract.
- Being able to escalate permissions using the Voting app or Token Manager without a proper vote being successful.

## Resources

Documentation and resources for hackers
- [Reference and documentation for aragonOS 4](https://hack.aragon.org/docs/aragonos-ref.html) as well as a [list of the changes that have been made for aragonOS 4 from aragonOS 3](https://github.com/aragon/aragonOS/wiki/aragonOS-4:-Updates-to-aragonOS-and-aragon-apps).
- [Documentation on how aragonOS apps should be developed](https://hack.aragon.org/docs/aragonos-building.html).
- [Documentation for our smart contract deployments to live networks](https://github.com/aragon/deployments).

## Eligibility

Terms for eligible bounties
- Only unknown vulnerabilities will be awarded a bounty; in case of duplicate reports, the first report will be awarded the bounty.
- Public disclosure of the vulnerability, before explicit consent from 1Hive to do so, will make the vulnerability ineligible for a bounty.
- Attempting to exploit the vulnerability in a public Ethereum network will also make it ineligible for a bounty.
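Review bot: the Scope section states that all smart contract components of the 1Hive apps are in scope but lists only the Redemptions repository, while this same PR's overview.md names Token Request, Lock, Delay and Voting with Dissent Oracle as contracts maintained by 1Hive; either list each in-scope repository with its excluded directories or say explicitly that only Redemptions is covered for now. Two smaller points: the Bounty column of the rewards table carries no unit (the text later says rewards are paid in HONEY, so state whether `500 - 5000` means HONEY or a USD-equivalent), and `maximum bounty pool of TBD` needs a value before this page goes live. The Low row's `CVSS 1.0 - 3.9` also leaves scores below 1.0 unmapped; the CVSS v3 qualitative scale puts Low at 0.1 to 3.9.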

2 changes: 1 addition & 1 deletion docs/contribute/github.md
Expand Up @@ -22,6 +22,6 @@ All repos should use include a Contribution Guide in the `README.md` file in the

#### Task Bounties and Issue Tags

As discussed in the [Projects and Tasks](contribute/projects-tasks) section of this guide, we use the **Projects** app in the 1Hive organization to coordinate and reward effort on specific tasks which are represented by Github issues.
As discussed in the [Projects and Tasks](/contribute/projects-tasks) section of this guide, we use the **Projects** app in the 1Hive organization to coordinate and reward effort on specific tasks which are represented by Github issues.

Currently there is no way to view the funding status of an issue within Github, though this should be solved by a github bot in the future. For now, we expect **Curators** to manually attach the `Funded` tag to issues after they have been funded. And we expect **Workers** to assign themselves to issues after they have been assigned a task in the Aragon organization.
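Review bot: the link fix to `/contribute/projects-tasks` looks right, but the unchanged context line at the top of the hunk still reads `All repos should use include a Contribution Guide`; drop the stray `use` while this file is open. `Github` in the changed line should also be `GitHub`, as the other docs in this PR spell it.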
10 changes: 5 additions & 5 deletions docs/contribute/roles-responsibilities.md
Expand Up @@ -8,7 +8,7 @@ title: 1Hive Roles and Responsibilities

Anyone can contribute to the 1Hive DAO by engaging with the community on Keybase, creating new Issues on GitHub, working on open Issues on GitHub. This does not require anyone's permission. Reviewers can assign tasks to the contributor's GitHub account and pay out HONEY bounties to the worker's Ethereum address upon successful completion. This does not require any permissions within the 1Hive DAO.

The roles and responsibilities of curators can be found [here](https://1hive.org/docs/contribute/projects-tasks.html#expectations-of-workers).
The roles and responsibilities of curators can be found [here](https://1hive.org/contribute/projects-tasks#expectations-of-workers).

If a Worker earns (or purchases) HONEY, they will have HONEY voting rights within the [1Hive DAO](https://rinkeby.aragon.org/#/0xe520428C232F6Da6f694b121181f907931fD2211). This includes the following permissions in the HONEY token Voting app:
- Create new votes
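Review bot: the rewritten link at `The roles and responsibilities of curators` still points at `#expectations-of-workers`; the surrounding paragraph is about Workers, and the Curators section later in this file links `#expectations-of-curators`, so either the word `curators` or the anchor is wrong on this line. Fix it in the same change rather than carrying the mismatch into the new URL scheme.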
Expand All @@ -17,7 +17,7 @@ If a Worker earns (or purchases) HONEY, they will have HONEY voting rights withi

## BEEs

The roles and responsibilities of BEEs can be found [here](https://1hive.org/docs/contribute/membership.html#membership-guidelines). Current BEEs are:
The roles and responsibilities of BEEs can be found [here](https://1hive.org/contribute/membership#membership-guidelines). Current BEEs are:
- [Luke Duncan](https://github.com/lkngtn) - @lkngtn on Keybase
- [burrrata](https://github.com/burrrata) - @burrrata on Keybase
- [Gabriel Garcia](https://github.com/0xGabi) - @goliat on Keybase
Expand All @@ -33,7 +33,7 @@ The roles and responsibilities of BEEs can be found [here](https://1hive.org/doc

## HONEY Holders

The roles and responsibilities of HONEY Holders can be found [here](https://1hive.org/docs/contribute/membership.html#why-honey).
The roles and responsibilities of HONEY Holders can be found [here](https://1hive.org/contribute/membership#why-honey).

Current HONEY Holders can be found on the 1Hive DAO in the [token manager](https://rinkeby.aragon.org/#/0xe520428C232F6Da6f694b121181f907931fD2211/0xda552be756aeb99df8d7ded3d853e1d57efa2442) app.

Expand All @@ -45,7 +45,7 @@ Current HONEY Holders can be found on the 1Hive DAO in the [token manager](https

## Curators

The roles and responsibilities of Curators can be found [here](https://1hive.org/docs/contribute/projects-tasks.html#expectations-of-curators). Current Curators are:
The roles and responsibilities of Curators can be found [here](https://1hive.org/contribute/projects-tasks#expectations-of-curators). Current Curators are:
- [Luke Duncan](https://github.com/lkngtn) - @lkngtn on Keybase
- [burrrata](https://github.com/burrrata) - @burrrata on Keybase

Expand All @@ -59,7 +59,7 @@ The roles and responsibilities of Curators can be found [here](https://1hive.org

## Reviewers

The roles and responsibilities of Reviewers can be found [here](https://1hive.org/docs/contribute/projects-tasks.html#expectations-of-curators). Current Reviewers are:
The roles and responsibilities of Reviewers can be found [here](https://1hive.org/contribute/projects-tasks#expectations-of-curators). Current Reviewers are:
- [Luke Duncan](https://github.com/lkngtn) - @lkngtn on Keybase
- [burrrata](https://github.com/burrrata) - @burrrata on Keybase
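Review bot: the Reviewers paragraph links to `#expectations-of-curators`, the same anchor the Curators section uses; if projects-tasks has a section for reviewers, point here at it, otherwise the sentence should say that reviewer expectations are covered under curators. The new URL form itself is consistent with the other hunks in this file.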

Expand Down
10 changes: 5 additions & 5 deletions docs/projects/dandelion-orgs/overview.md
Expand Up @@ -8,8 +8,8 @@ title: Dandelion Org Overview

The dandelion organization template consists of the [Agent](https://github.com/aragon/aragon-apps/tree/master/apps/agent), [Finance](https://github.com/aragon/aragon-apps/tree/master/apps/finance), and [Token Manager](https://github.com/aragon/aragon-apps/tree/master/apps/token-manager) apps maintained by Aragon One. As well as the following applications developed and maintained by 1Hive:

* [Redemptions](projects/dandelion-orgs/redemptions-app): Allows users to manage a list of eligible assets held within an organizations Vault and allow members of the organization to redeem (burn) organization token in exchange for a proportional amount of the eligible assets.
* [Token Request](projects/dandelion-orgs/token-request-app): Allows users to propose minting tokens in exchange for a payment to the organization, subject to the approval of existing members.
* [Lock](projects/dandelion-orgs/lock-app): Allows an organization to require users to lock a configure amount of tokens for a configurable amount of time in order to forward an intent.
* [Delay](projects/dandelion-orgs/delay-app): Allows an organization to require a configurable delay before an action may be executed.
* [Voting with Dissent Oracle](projects/dandelion-orgs/voting-dissent-oracle): An enhanced version of Aragon One's voting app which implements an ACL Oracle which allows an organization to configure permissions that restrict actions based on whether an address has recently voted Yes.
* [Redemptions](/projects/dandelion-orgs/redemptions-app): Allows users to manage a list of eligible assets held within an organizations Vault and allow members of the organization to redeem (burn) organization token in exchange for a proportional amount of the eligible assets.
* [Token Request](/projects/dandelion-orgs/token-request-app): Allows users to propose minting tokens in exchange for a payment to the organization, subject to the approval of existing members.
* [Lock](/projects/dandelion-orgs/lock-app): Allows an organization to require users to lock a configure amount of tokens for a configurable amount of time in order to forward an intent.
* [Delay](/projects/dandelion-orgs/delay-app): Allows an organization to require a configurable delay before an action may be executed.
* [Voting with Dissent Oracle](/projects/dandelion-orgs/voting-dissent-oracle): An enhanced version of Aragon One's voting app which implements an ACL Oracle which allows an organization to configure permissions that restrict actions based on whether an address has recently voted Yes.
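Review bot: since every bullet is rewritten here anyway, fix the wording carried over unchanged: `organizations Vault` should be `organization's Vault`, `organization token` should be `organization tokens`, and `lock a configure amount of tokens` in the Lock bullet should read `a configurable amount of tokens`. The leading-slash link change itself matches the other files in this PR.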
37 changes: 37 additions & 0 deletions docs/sync/redemptions-overview.md
@@ -0,0 +1,37 @@
---
title: 1Hive Redemptions App
custom_edit_url: https://github.com/1hive/redemptions-app/blob/master/docs/overview.md
hide_title: false
---
<!-- This file is generated by /website/scripts/sync-util.js - changes will be overwritten! -->

### What is the Redemptions app?

An Aragon app that enables redeeming organizations tokens for organization assets.

The redemptions app allows your organization to create a vault that exchanges your native token for an underlying asset. For example, the 1Hive native token is HONEY, but often times organization members will want DAI or ETH. The redemptions vault allows BEEs to exchange the HONEY they earn by contributing to the hive for the underlying asset of the vault.

<br>

### Maintainer 🚧
- [1Hive Workers](https://1hive.org/docs/contribute/projects-tasks.html#expectations-of-workers)

<br>

### Project Repo 🗃️
- https://github.com/1Hive/redemptions-app

<br>

### Security Review Status 🚨
- The code in this repo has not been audited.

<br>

### Availability 🐲
We are currently developing the Redemptions app. If you want to contribute please [checkout the latest status on GitHub](https://github.com/1Hive/redemptions)! :)
- public beta: ✔
- rinkeby: TBD
- mainnet: TBD

<br>
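Review bot: the header comment says this file is generated by `/website/scripts/sync-util.js` from `redemptions-app/docs/overview.md`, so the problems below need fixing in the source repo, not here, or the next sync will overwrite them: the Maintainer link still uses the old `https://1hive.org/docs/contribute/projects-tasks.html#...` form that this same PR is migrating away from in the other files; the Availability paragraph links `https://github.com/1Hive/redemptions` while Project Repo gives `https://github.com/1Hive/redemptions-app`; `public beta: ✔` next to `rinkeby: TBD` reads as contradictory unless the beta runs on another network, which should be named; and `redeeming organizations tokens` should be `organization tokens`. Keep the `has not been audited` line prominent, since the bug bounty page added in this PR puts these contracts in scope.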