Now that we have gone live with STDB2, we would like to place a bug bounty to incentivize the discovery of bugs in the code. The scope of the bug bounty is the 2 contracts StandardBounties.sol and BountiesMetaTxRelayer.sol. Any bugs found in our codebase but outside of those two contracts are NOT within the scope of this bug bounty.
This bounty will pay out for submissions following the OWASP model of grading severity. Payouts will be made to the first individuals who report bugs, and exploits will be ineligible for payouts if they've already been used on the main-net deployed contract. Non-security-critical severity issues (style issues, gas optimizations) are not eligible for this bounty. Determinations of eligibility and all terms related to this award are at the sole and final discretion of the StandardBounties team. Any bugs already reported in https://github.com/ConsenSys/bounties-audit-report-2019-03 will also be excluded.
This bounty is listed for 0.5 ETH, but if you discover a bug that's of greater severity than Low, we will send the remaining funds to you as a tip after accepting your submission.
If you discover a bug, please submit it to this bounty. If you believe you may have found a bug but want to verify its validity, please don't hesitate to reach out to me first. We are honest and will be happy to pay if legitimate bugs are discovered, even if you've told us about them before submitting to this bounty.
Here are 2 bugs that I found in the inherited contract.
The first PDF report that I sent was for visualisation of the code, and now I have scanned the code using a security tool named Slither and am submitting the report. I also tested the Mythril vulnerability checker, but the code was secure in its view.
Please check here for more information about tools: https://consensys.github.io/smart-contract-best-practices/security_tools/
PS: I really got stressed by the code because of compilation errors, like line 20: Expected ';' but got identifier '['. If you have compiled code, please send it to scan.
I worked hard
I hope you like it
This is my submission, hope you like it.
It seems that the bounty issuer in the drainBounty method can drain other people's contributions because the method checks the balance and doesn't subtract contributions.