FundRequest / contracts

Contracts for FundRequest (platform, token, crowdsale)

Home Page: https://fundrequest.io


As a security auditor I log a major security breach in the FundRequest Smart Contracts #1

gerbert-vandenberghe opened this issue · comments

Description

As FundRequest we want our community to audit the FundRequest contracts to make sure we get the best audit possible.


Scope of Ticket

A major security breach qualifies as an issue in the FundRequest production code base that can cause: 
- a loss of funds;
- a loss of control over the smart contracts;
- an outage of the production environment;

Reward

The first reward is $10 000 in FundRequest tokens (FND); for each subsequent major security issue, the bounty is lowered by $1 000 in FundRequest tokens (FND).


Precondition

  • The auditor must be logged into FundRequest
  • The auditor must have experience in Solidity, Code Review & auditing

Flow: Create Pull Request

  • Create a new issue in this repository
  • Edit https://github.com/FundRequest/contracts/blob/develop/vulnerabilities.md
  • Add your name as an auditor
  • Describe the security breach using the example template
  • Create a pull request with a reference to the GitHub issue you created; this will be used by the FundRequest platform. (How to reference an issue in a GitHub Pull request?)
  • FundRequest administrator(s) will review the pull request and validate the reported issue

Postcondition

  • The auditor successfully created a ticket and pull request
  • The FundRequest team has successfully reviewed the pull request and funded the issue with $10,000 (or less) in FND tokens (price of FND)
  • The FundRequest team merges the pull request
  • The auditor can claim the funds once the platform is live (May 2018)

Acceptance criteria

  • The reported issue is considered a major security breach as stated in the ticket
  • The security breach has to be unique.
  • The first person reporting the breach will be awarded the bounty.
  • The timestamp of the pull request will be used to define the first person who reported the security breach.
  • The bug may only be reported in this FundRequest GitHub repository and cannot be made public on other platforms/media without the consent of the FundRequest team.
  • Determinations of eligibility, rewards and all terms related to an award are at the sole and final discretion of the FundRequest team.
  • The issue is reported before June 2018

@davyvanroy @Qkyrie Please review.
