Heuristic estimate (AI scoring not configured). SecureBananaLabs/bug-bounty: Registration token subject can drift from returned user id shows 0 engagement on ghbounties. Buildability is inferred from the description; add an AI gateway key for a tailored read.
A starter prompt for Claude Code, what you'll need, and how to reach them.
Build a minimal version of "SecureBananaLabs/bug-bounty: Registration token subject can drift from returned user id". Read the original at https://github.com/SecureBananaLabs/bug-bounty/issues/1743 for the exact requirements, then scaffold a Next.js + Tailwind app, implement the smallest valuable slice first, and ship it. (Enable AI scoring for a tailored, detailed prompt.)
Bounty (amount on the issue). Parent bounty: #743.

This issue is limited only to the creator of this issue. This means that only the issue author can attempt to solve this issue. If you would like to work on it, please create another issue with the same contents and refer to issue #743 for more information.

Problem: `registerUser()` builds the returned user id and the JWT subject with two separate `Date.now()` calls. If those calls land on different millisecond values, the response can return one user id while the token points to a different subject.

Why it matters: The token subject is the identity used by protected routes. It should match the user id returned at registration. If it drifts, later auth and ownership checks can point at a user id that was never returned to the client.

Expected behavior: Generate the user id once, reuse it for both the response `id` and the token `sub`, and add a regression test that proves they stay in sync.

Scope: This is only about registration token subject consistency. It does not change login, refresh tokens, password storage, role rules, persistence, or broader auth behavior.
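The drift and the single-id fix described in the issue, as an added sketch that is not the project's code. Assumptions: the `user_<timestamp>` id format, the injectable `now` clock, and the helper names are hypothetical, and the token is an unsigned, JWT-shaped string because signing does not affect the bug.

```javascript
// Hypothetical stand-ins: the project's real registerUser(), id format and
// JWT signing are not shown on the page. The token below is unsigned and for
// demonstration only; it carries just base64url-encoded claims.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const issueToken = (claims) => `${b64url({ alg: 'none', typ: 'JWT' })}.${b64url(claims)}.`;
const tokenSubject = (token) =>
  JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString('utf8')).sub;

// Pattern described in the issue: the clock is read twice, once for the
// response id and once for the token subject.
function registerUserDrifting(email, now = Date.now) {
  const user = { id: `user_${now()}`, email };
  const token = issueToken({ sub: `user_${now()}`, email });
  return { user, token };
}

// Expected behavior: generate the id once and reuse it for `id` and `sub`.
function registerUserFixed(email, now = Date.now) {
  const id = `user_${now()}`;
  return { user: { id, email }, token: issueToken({ sub: id, email }) };
}

// Deterministic clock that advances 1 ms on every read, so the regression
// check does not rely on two real calls straddling a millisecond boundary.
function tickingClock(start) {
  let t = start;
  return () => t++;
}

// Regression check: true when the response id and the token subject agree.
function idMatchesSubject(register) {
  const clock = tickingClock(1700000000000); // constructed sample timestamp
  const { user, token } = register('a@example.test', clock);
  return user.id === tokenSubject(token);
}

console.log('two clock reads stay in sync:', idMatchesSubject(registerUserDrifting));
console.log('single id stays in sync:', idMatchesSubject(registerUserFixed));
```

Injecting the clock is what makes the regression test reliable: with the real `Date.now()` both reads usually fall in the same millisecond, so a test without a controlled clock would pass against the drifting version most of the time.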
Comment /attempt on the GitHub issue, then open a PR to claim the bounty.