BugNest

// key_features

  • Three distinct roles: Company, Researcher, and Admin
  • Companies can post bugs with reward details
  • Researchers submit solutions and compete for rewards
  • Admin dashboard to oversee and moderate the platform
  • Full-stack architecture with separate backend and frontend

// description

about.md

BugNest is a three-sided marketplace for bug bounty hunting. Companies post bugs they need found and fixed, researchers compete to solve them and earn rewards, and admins oversee the platform to keep the whole system running fairly. The purpose was to build a real-world, multi-role platform end-to-end — not just CRUD, but a system with genuinely different permissions and workflows depending on who's using it, which is a much closer match to how production SaaS products actually work. The target users are companies looking for an affordable way to crowdsource security testing, and researchers looking for legitimate bounty opportunities to earn rewards for their skills — with admins as the platform's internal moderators.

// challenges

Designing a system with three distinct roles (Company, Researcher, Admin) meant the permission logic couldn't be an afterthought — every feature needed to be built with "who can see this, who can act on this" in mind from the start. Coordinating a separate NestJS backend and Next.js frontend also meant carefully managing the API contract between them so changes on one side didn't silently break the other.
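The "who can see this, who can act on this" question above, sketched as a deny-by-default policy table that combines a role check with an ownership check. This is an added example, not BugNest's own code; the action names, the `User`/`Resource` shapes, the sample users and the grants chosen for each role are all assumptions.

```typescript
// Added illustration: every name below is hypothetical, not taken from BugNest.
type Role = "company" | "researcher" | "admin";
type Action =
  | "bug:create" | "bug:read"
  | "submission:create" | "submission:read" | "submission:moderate";

interface User { id: string; role: Role }
// The object being acted on; the owner fields drive the object-level check.
interface Resource { bugOwnerId?: string; submitterId?: string }

type Rule = (user: User, res: Resource) => boolean;

const anyone: Rule = () => true;
// A missing owner field never matches, so an incomplete lookup fails closed.
const ownsBug: Rule = (u, r) => r.bugOwnerId !== undefined && r.bugOwnerId === u.id;
const ownsSubmission: Rule = (u, r) => r.submitterId !== undefined && r.submitterId === u.id;

// role -> action -> rule. Any pair that is not listed is denied.
const POLICY: Record<Role, Partial<Record<Action, Rule>>> = {
  company: {
    "bug:create": anyone,
    "bug:read": anyone,
    "submission:read": ownsBug,        // only submissions on its own bugs
  },
  researcher: {
    "bug:read": anyone,
    "submission:create": anyone,
    "submission:read": ownsSubmission, // only its own submissions
  },
  admin: {
    "bug:read": anyone,
    "submission:read": anyone,
    "submission:moderate": anyone,
  },
};

// Single decision point the backend would call before serving any request.
function can(user: User, action: Action, res: Resource = {}): boolean {
  const rule = POLICY[user.role]?.[action];
  return rule ? rule(user, res) : false;
}

// Constructed sample data.
const acme: User = { id: "c1", role: "company" };
const alice: User = { id: "r1", role: "researcher" };
const mod: User = { id: "a1", role: "admin" };
const aliceOnAcmeBug: Resource = { bugOwnerId: "c1", submitterId: "r1" };
const bobOnOtherBug: Resource = { bugOwnerId: "c2", submitterId: "r2" };
```

The role check alone would let any company read any submission; the ownership rules are what keep one tenant's reports away from another.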

// future_plans

Adding a reputation/rating system for researchers based on solved bugs, an in-platform dispute resolution flow for contested submissions, and integrating a real payment gateway so reward payouts can happen directly through the platform instead of manually.