As a security auditor I log a major security breach in the FundRequest Smart Contracts #1
gerbert-vandenberghe opened this issue · comments
Gerbert commented
Description
As FundRequest we want our community to audit the FundRequest contracts to make sure we get the best audit possible.
Scope of Ticket
- Only FundRequest platform contracts: https://github.com/FundRequest/contracts/tree/master/contracts/platform
- Find a Major security breach
A major security breach qualifies as an issue in the FundRequest production code base that can cause:
- a loss of funds;
- a loss of control over the smart contracts;
- an outage of the production environment;
Reward
The first reward is $10 000 in FundRequest tokens (FND); for each subsequent major security issue the bounty is lowered by $1 000 in FundRequest tokens (FND).
Precondition
- The auditor must be logged into FundRequest
- The auditor must have experience in Solidity, Code Review & auditing
Flow: Create Pull Request
- Create a new issue in this repository
- Edit https://github.com/FundRequest/contracts/blob/develop/vulnerabilities.md
- Add your name as an auditor
- Describe the security breach using the example template
- Create a pull request with a reference to the GitHub issue you created, this will be used by the FundRequest platform. (How to reference an issue in a GitHub Pull request?)
- FundRequest administrator(s) will review the pull request and validate the reported issue
Postcondition
- The auditor successfully created a ticket and pull request
- The FundRequest team has successfully reviewed the pull request and funded the issue with $10,000 (or less) in FND tokens (price of FND)
- The FundRequest team merges the pull request
- The auditor can claim the funds once the platform is live (May 2018)
Acceptance criteria
- The reported issue is considered a major security breach as stated in the ticket
- The security breach has to be unique.
- The first person reporting the breach will be awarded the bounty.
- The timestamp of the pull request will be used to define the first person who reported the security breach.
- The bug may only be reported in this FundRequest GitHub repository and cannot be made public on other platforms/media without the consent of the FundRequest team.
- Determinations of eligibility, rewards and all terms related to an award are at the sole and final discretion of the FundRequest team.
- The issue is reported before June 2018
Sau0123 commented
Best project