New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Colony Bug Bounty #403

Open
collinvine opened this Issue Oct 30, 2018 · 12 comments

Comments

Projects
None yet
4 participants
@collinvine
Copy link

collinvine commented Oct 30, 2018

Colony Bug Bounty Program

Before mainnet launch, we are inviting all solidity devs, security researchers, and benevolent hackers to help us secure Colony. From small notes to critical vulnerabilities, there are bounties set between $500 and $20,000 to anyone that can uncover a flaw in the colonyNetwork smart contracts.

Bug Severity & Bounties

Submissions will be evaluated by the Colony team according to the OWASP risk rating methodology, which grades based on both Impact and Likelihood.

Severity levels:

  • Note: Up to $500 USD (min. $100)
  • Low: Up to $2,000 USD (min. $500)
  • Medium: Up to $5,000 USD (min. $2,000)
  • High: Up to $10,000 USD (min. $5,000)
  • Critical: Up to $20,000 USD (min. $10,000)

Submission Guidelines

All bugs reported must be done through the creation of an issue in the colonyNetwork GitHub repo, or if the submitter wishes to disclose privately, or to remain anonymous by an email sent to security@colony.io. Private submissions are still eligible for a bounty.

See the official submission guidelines for more.

Dates

Launch: October 30th 2018
End: This is ongoing unless otherwise stated

Terms & Rules

Please read the official terms and rules before participating, and follow the issue template guidelines when submitting.

@gitcoinbot

This comment has been minimized.

Copy link

gitcoinbot commented Oct 30, 2018

Issue Status: 1. Open 2. Started 3. Submitted 4. Done


This issue now has a funding of 500.0 DAI (500.0 USD @ $1.0/DAI) attached to it as part of the joincolony fund.

@gitcoinbot

This comment has been minimized.

Copy link

gitcoinbot commented Oct 30, 2018

Issue Status: 1. Open 2. Started 3. Submitted 4. Done


Work has been started.

These users each claimed they can complete the work by 1 day, 3 hours ago.
Please review their action plans below:

1) forgetso has started work.

  • Set up a local ethereum test net
  • Spin up the colony dapp
  • Create projects, rewards, modify reputations, etc.
  • Attempt to hack the solidity contract functions via javascript and miner injections and just general nuisance
  • Available to begin work on 05 Nov

Learn more on the Gitcoin Issue Details page.

2) joinstackinc has started work.

Would like to asses the contracts for any security issues...

Learn more on the Gitcoin Issue Details page.

3) yoyi305 has started work.

Im a bit rusty on JavaScript, but this is a great way to get back to it. Let's get started.

Learn more on the Gitcoin Issue Details page.

4) blockchain-doppelganger has started work.

Review contracts, and try to hack they

Learn more on the Gitcoin Issue Details page.

5) jakub-wojciechowski has started work.

Hi Guys, thanks for posting this bounty. It'll be a great opportunity to look deeper in your contracts.

Learn more on the Gitcoin Issue Details page.

6) nickerrant has started work.

For following bug report: #417

Learn more on the Gitcoin Issue Details page.

@blockchain-doppelganger

This comment has been minimized.

Copy link

blockchain-doppelganger commented Nov 3, 2018

@collinvine Can you tell current contract address on Rinkeby ?

@ryanchristo

This comment has been minimized.

Copy link
Member

ryanchristo commented Nov 4, 2018

Hey @blockchain-doppelganger! Here's the contract address on Rinkeby:

0xFF77830c100623316736b45C4983Df970423aAF4

As well as the GitHub release and the deployed contract on Etherscan.

@gitcoinbot

This comment has been minimized.

Copy link

gitcoinbot commented Nov 11, 2018

Issue Status: 1. Open 2. Started 3. Submitted 4. Done


Work for 500.0 DAI (500.0 USD @ $1.0/DAI) has been submitted by:

  1. @jakub-wojciechowski

@collinvine please take a look at the submitted work:


@gitcoinbot

This comment has been minimized.

Copy link

gitcoinbot commented Nov 11, 2018

Issue Status: 1. Open 2. Started 3. Submitted 4. Done


Work for 500.0 DAI (500.0 USD @ $1.0/DAI) has been submitted by:

  1. @jakub-wojciechowski
  2. @NickErrant

@collinvine please take a look at the submitted work:


@gitcoinbot

This comment has been minimized.

Copy link

gitcoinbot commented Nov 12, 2018

⚡️ A tip worth 100.00000 DAI (100.0 USD @ $1.0/DAI) has been granted to @jakub-wojciechowski for this issue from @collinvine. ⚡️

Nice work @jakub-wojciechowski! Your tip has automatically been deposited in the ETH address we have on file.

@gitcoinbot

This comment has been minimized.

Copy link

gitcoinbot commented Nov 12, 2018

⚡️ A tip worth 200.00000 DAI (200.0 USD @ $1.0/DAI) has been granted to @jakub-wojciechowski for this issue from @collinvine. ⚡️

Nice work @jakub-wojciechowski! Your tip has automatically been deposited in the ETH address we have on file.

@gitcoinbot

This comment has been minimized.

Copy link

gitcoinbot commented Nov 12, 2018

⚡️ A tip worth 1500.00000 DAI (1500.0 USD @ $1.0/DAI) has been granted to @Destiner for this issue from @collinvine. ⚡️

Nice work @Destiner! Your tip has automatically been deposited in the ETH address we have on file.

@gitcoinbot

This comment has been minimized.

Copy link

gitcoinbot commented Nov 12, 2018

⚡️ A tip worth 100.00000 DAI (100.0 USD @ $1.0/DAI) has been granted to @NickErrant for this issue from @collinvine. ⚡️

Nice work @NickErrant! Your tip has automatically been deposited in the ETH address we have on file.

@gitcoinbot

This comment has been minimized.

Copy link

gitcoinbot commented Nov 19, 2018

⚡️ A tip worth 1200.00000 DAI (1200.0 USD @ $1.0/DAI) has been granted to @jakub-wojciechowski for this issue from @collinvine. ⚡️

Nice work @jakub-wojciechowski! Your tip has automatically been deposited in the ETH address we have on file.

@gitcoinbot

This comment has been minimized.

Copy link

gitcoinbot commented Jan 29, 2019

Issue Status: 1. Open 2. Started 3. Submitted 4. Done


This Bounty has been completed.

Additional Tips for this Bounty:

  • collinvine tipped 1200.0000 DAI worth 1200.0 USD to jakub-wojciechowski.
  • collinvine tipped 100.0000 DAI worth 100.0 USD to NickErrant.
  • collinvine tipped 1500.0000 DAI worth 1500.0 USD to destiner.
  • collinvine tipped 200.0000 DAI worth 200.0 USD to jakub-wojciechowski.
  • collinvine tipped 100.0000 DAI worth 100.0 USD to jakub-wojciechowski.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment