Skip to content
This repository has been archived by the owner on Nov 5, 2018. It is now read-only.

Bug bounty program for Xcert smart contracts #24

Open
xpepermint opened this issue May 29, 2018 · 0 comments
Open

Bug bounty program for Xcert smart contracts #24

xpepermint opened this issue May 29, 2018 · 0 comments
Assignees
Labels
bounty Bug bounty program

Comments

@xpepermint
Copy link
Member

The 0xcert team has prepared the official Xcert smart contract implementation for the Ethereum blockchain. The Xcert smart contract is one of the key elements of the 0xcert protocol. It represents a non-fungible token contract and is built on top of the ERC-721 standard implementation.

We recognize the need and necessity of a security audit in order to keep all further usage safe and secure. In this light, a bug bounty program is being launched and we would love if the community can help find and disclose security issues and vulnerabilities.

About implementation

An Xcert represents a one-of-a-kind asset in form of a non-fungible token on the blockchain. It holds a proof of a real-world asset and has all the properties of a non-fungible token.

An Xcert smart contract is an extended non-fungible token smart contract. It follows the Ethereum’s ERC-721 specification which thus makes it compliant with the non-fungible token standard.

An Xcert smart contract holds assets of a particular 0xcert convention. This makes the contract opinionated and forces predictable data.

You can read more about the Xcert smart contract in the official technical paper of the 0xcert protocol.

Scope & rules

This bug bounty program will run from 2018-06-16 at 00:01 CET to 2018-07-16 at 23:59 CET. All of the discussions and code in this bug bounty program are publicly available in this repository. Help us find any problems with the Xcert implementation and you will be rewarded.

  • Be descriptive and detailed when describing your issue.
  • Fix it and recommend a way to solve the problem.
  • Include a truffle or detailed test case that we can reproduce.
  • Issues that have already been published here or are already disclosed to the 0xcert team are not eligible for rewards.
  • Social engineering, XKCD#538 attacks, bringing down Ropsten/Metamask/Infura are not in scope and will NOT be paid a reward.
  • Only the contracts regarding the Xcert are in scope, our website is not in scope.
  • GitHub issues is the only way to report issues and request rewards.
  • The 0xcert team has a complete and final judgment on the acceptability of issue reports.

Rewards

  • We will distribute up to 5 ETH among all participants that reported a unique high severity bug.
  • Reports for medium and low bugs will receive our 0xcert t-shirt and an honorable mention.
Severity Examples
High Allowing tokens to get lost, stolen, or become unusable.
Medium An undocumented function, documentation of a user-facing function that does not completely explain what is happening from the user’s perspective (i.e. unspecified side effects).
Low Any typo that does not affect program functionality. Recommended changes to functionality which are helpful and optimize the code.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bounty Bug bounty program
Projects
None yet
Development

No branches or pull requests

4 participants