Active

Payout
0.5 ETH

$92.73

Remaining Balance
0.5 ETH

$92.73

STDB2 Bug Bounty

solidity

bugbounty

bugs

Mark Beylin

Description

Now that we have gone live with STDB2, we would like to place a bug bounty to incentivize the discovery of bugs in the code. The scope of the bug bounty is the 2 contracts StandardBounties.sol and BountiesMetaTxRelayer.sol. Any bugs found in our codebase but outside of those two contracts are NOT within the scope of this bug bounty.

This bounty will pay out for submissions following the OWASP model of grading severity. Payouts will be made to the first individuals who report bugs, and exploits will be ineligible for payouts if they've already been used on the main-net deployed contract. Non-security critical severity issues (style issues, gas optimizations) are not eligible for this bounty. Determinations of eligibility and all terms related to this award are at the sole and final discretion of the StandardBounties team. Any bugs reported in https://github.com/ConsenSys/bounties-audit-report-2019-03 will also be excluded.

This bounty will pay out:

  • 0.5 ETH for Low Severity Bugs
  • 1 ETH for Medium Severity Bugs
  • 2.5 ETH for High Severity Bugs
  • 5 ETH for Critical Severity Bugs

This bounty is listed for 0.5 ETH, but if you discover a bug that's of greater severity than Low, we will send the remaining funds to you as a tip after accepting your submission.

Definition of Done

If you discover a bug, please submit it to this bounty. If you believe you may have found a bug but want to verify its validity, please don't hesitate to reach out to me first. We are honest and will be happy to pay if legitimate bugs are discovered, even if you've told us about them before submitting to this bounty.

Submissions

8

Comments

4

Here are 2 bugs that I found in the inherited contract

Cezar Toderau

N/A

skywalker

bountys

Kyo kusanagi

Hello,
The first PDF report that I sent was for visualisation of the code, and now I have scanned the code using a security tool named Slither and submitted the report. I also tested the Mythril vulnerability checker, but the code was secure in its view.
Please check here for more information about tools: https://consensys.github.io/smart-contract-best-practices/security_tools/

PS: I really got stressed by the code because of compilation errors, like line 20: Expected ';' but got identifier '['. If you have compiled code, please send it to scan.

Kyo kusanagi

Hello, here is the report that I created. It's an almost full analysis of the two Solidity files.
Here is my Telegram username if you need a full-size picture:
Telegram: @charingane

I worked hard
I hope you like it

Accepted

This is my submission, hope you like it.

Marin Petrunić

It seems that the bounty issuer in the drainBounty method can drain other people's contributions because the method checks the balance and doesn't subtract contributions.