Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug Bounty: up to 50 ETH] Kleros - Realito Integration #244

Closed
clesaege opened this issue Mar 27, 2019 · 10 comments
Closed

[Bug Bounty: up to 50 ETH] Kleros - Realito Integration #244

clesaege opened this issue Mar 27, 2019 · 10 comments
Labels
Bounty 💰 Bounty

Comments

@clesaege
Copy link
Member

clesaege commented Mar 27, 2019
edited by 0xferit
Loading

Kleros - Realitio Integration

This is a bug bounty on the Realitio Arbitrator Proxy contract and on Realitio.

Bugs are rewarded up to 50 ETH according to this classification:

  • Critical Bugs: 50 ETH
    for bugs that can significantly change the result of the Oracle or lead to a party losing a significant amount of ETH.
  • Major Bugs: 25 ETH
    for bugs that can prevent a party to win a significant amount of ETH it should otherwise have won.
  • Minor Bugs: 5 ETH
    for smaller bugs.

If you find a bug you can send a mail to [email protected] and [email protected].

Realtio Arbitrator Proxy

Bounty

Smart Contract Guidelines

We use those guidelines to write smart contracts. In particular, we do not try to prevent stupid behaviors at the contract level but leave this task to the UI. Letting the possibility to a user to harm itself is not a vulnerability (but should of course be dealt at the UI level).

Violation of guidelines are not vulnerabilities but can be reported as "suggestion for tips". Note that we've developed the proxy but not Realitio. This means Realitio code may follow different guidelines.

Bounty Rules

  • If you have any questions, don't hesitate to ask on the slack channel (slack.kleros.io #smart-contract-review) or by sending a mail to [email protected] .
  • All this code is provided under MIT license and can be reused by other projects. If you don't hesitate to inform us and we may list your deployed contracts in the @deployed of the RAB pragma.
  • Good luck hunting and have fun hunting!
@clesaege clesaege added the Bounty 💰 Bounty label Mar 27, 2019
@clesaege clesaege pinned this issue Mar 27, 2019
@gitcoinbot
Copy link

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

This issue now has a funding of 5.0 ETH (691.06 USD @ $138.21/ETH) attached to it as part of the @kleros fund.

@clesaege clesaege changed the title [Bug Bounty: up to 50 ETH] Keros - Realito Integration [Bug Bounty: up to 50 ETH] Kleros - Realito Integration Mar 27, 2019
@gitcoinbot
Copy link

Issue Status: 1. Open 2. Cancelled

The funding of 5.0 ETH (691.06 USD @ $138.21/ETH) attached to this issue has been cancelled by the bounty submitter

@gitcoinbot
Copy link

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

This issue now has a funding of 5.0 ETH (691.06 USD @ $138.21/ETH) attached to it as part of the @kleros fund.

@gitcoinbot
Copy link

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

Work has been started.

These users each claimed they can complete the work by 4 days, 5 hours from now.
Please review their action plans below:

1) cliff-burchfield has started work.

Hello,

I am new to the bounty program and was searching around trying to figure out where to start. Should I just pull the repo and start tinkering around for bugs? I know this is pretty basic but i'm new to this space. Please let me know when you get a chance.

Learn more on the Gitcoin Issue Details page.

@clesaege
Copy link
Member Author

clesaege commented Apr 6, 2019

Hi,

Yes, you can search for bugs on the contracts mentioned in the issue.

Cheers,

@gitcoinbot
Copy link

gitcoinbot commented Apr 8, 2019
edited
Loading

Issue Status: 1. Open 2. Cancelled

Work has been started.

These users each claimed they can complete the work by 3 months ago.
Please review their action plans below:

1) cliff-burchfield has started work.

Hello,

I am new to the bounty program and was searching around trying to figure out where to start. Should I just pull the repo and start tinkering around for bugs? I know this is pretty basic but i'm new to this space. Please let me know when you get a chance.
2) hamidous has started work.

i will started this bounty i'm interested to find bug in code

Learn more on the Gitcoin Issue Details page.

@pacamara
Copy link

pacamara commented Apr 8, 2019

@clesaege Hi! Have emailed you POC code for an attack. 🍻

This was referenced Apr 10, 2019
Closed
Closed
@pacamara
Copy link

The issue has been discussed privately with the funders and is not deemed a live security risk. However a couple of suggestions for minor improvements arise from it, which I've filed above.

@pacamara pacamara mentioned this issue Apr 10, 2019
Closed
@clesaege clesaege unpinned this issue Jun 25, 2019
@gitcoinbot
Copy link

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

Work for 5.0 ETH (1160.77 USD @ $232.15/ETH) has been submitted by:

  1. @hamidous

@clesaege please take a look at the submitted work:

@clesaege clesaege closed this as completed Aug 1, 2019
@gitcoinbot
Copy link

Issue Status: 1. Open 2. Cancelled

The funding of 5.0 ETH (1073.81 USD @ $214.76/ETH) attached to this issue has been cancelled by the bounty submitter

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bounty 💰 Bounty
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@clesaege @pacamara @gitcoinbot