Bug bounty program for ERC-721 smart contracts (v1) #46

Closed
xpepermint opened this issue May 16, 2018 · 12 comments

@xpepermint
Member

xpepermint commented May 16, 2018

The 0xcert team has decided to provide a valid and secure ERC-721 implementation for the Ethereum community. We recognize the need and necessity of a security audit in order to keep all further usage safe and secure. In this light, a bug bounty program is being launched and we would love it if the community could help find and disclose security issues and vulnerabilities.

About implementation

ERC-721 is a standard interface for non-fungible tokens on the Ethereum blockchain, invented by Dieter Shirley and written by William Entriken. The 0xcert development team decided to build a fully compatible implementation, which is going to be open-source and available to everyone.

Scope & rules

This bug bounty program will run from 2018-05-16 at 00:01 CET to 2018-07-16 at 23:59 CET. All of the discussions and code in this bug bounty program are publicly available in this repository. Help us find any problems with the ERC-721 implementation and you will be rewarded.

  • Be descriptive and detailed when describing your issue.
  • Fix it and recommend a way to solve the problem.
  • Include a truffle or detailed test case that we can reproduce.
  • Issues that have already been published here or are already disclosed to the 0xcert team are not eligible for rewards.
  • Social engineering, XKCD#538 attacks, bringing down Ropsten/Metamask/Infura are not in scope and will NOT be paid a reward.
  • Only the contracts regarding the ERC-721 are in scope, our website is not in scope.
  • GitHub issues is the only way to report issues and request rewards.
  • The 0xcert team has a complete and final judgment on the acceptability of issue reports.

Rewards

  • We will distribute up to 5 ETH among all participants that reported a unique high severity bug.
  • Reports for medium and low bugs will receive our 0xcert t-shirt and an honorable mention.

| Severity | Examples |
|----------|----------|
| High | Allowing tokens to get lost, stolen, or become unusable. |
| Medium | An undocumented function, documentation of a user-facing function that does not completely explain what is happening from the user’s perspective (i.e. unspecified side effects). |
| Low | Any typo that does not affect program functionality. Recommended changes to functionality which are helpful and optimize the code. |

Note that if the EIP standard is amended then an issue will be Low severity if it points this out to us. We will support the updated standard.

Additional bounty

We are providing another bounty for a token that builds on top of this implementation called Xcert. If you are interested in participating in that bounty you can check it out here: 0xcert/ethereum-xcert#24

@fulldecent
Collaborator

Correction: @dete is the visionary and inventor of ERC-721; I am merely the lead author of the current text of the standard.

@xpepermint
Member Author

#51 (low)

@xpepermint
Member Author

a03db28#commitcomment-29251894 (low)

@xpepermint
Member Author

Extending bounty till 2018-07-16.

@xpepermint
Member Author

xpepermint commented Jun 18, 2018

#87 (low)

@MoMannn
Collaborator

MoMannn commented Jun 22, 2018

#91 (low)

@MoMannn
Collaborator

MoMannn commented Jun 22, 2018

#97 (low)

@xpepermint
Member Author

xpepermint commented Jun 22, 2018

#100 (medium)

@xpepermint
Member Author

#102 (low)

@xpepermint
Member Author

#106 (high)

@xpepermint
Member Author

It's time!

@xpepermint
Member Author

The Bug Bounty program is closed. Thank you to all contributors who participated in the bounty and helped us find the issues with our ERC-721 smart contracts.

8 proposals had been issued by 5 contributors:

To collect the rewards, please reach out to the Admin of our Telegram group or write us at hello@0xcert.org for further details.

@xpepermint xpepermint changed the title Bug bounty program for ERC-721 smart contracts Bug bounty program for ERC-721 smart contracts (v1) Jan 9, 2019