TokenTraderFactory And TokenSellerFactory Bug Bounty

BokkyPooBah edited this page Sep 22, 2017 · 34 revisions

A bug bounty is on offer for bugs in the following smart contracts:

If you want to test the contracts above on Testnet, I have deployed a TestERC20Token at 0x583cbbb8a8443b38abcc0c956bece47340ea1367. Send some Testnet ethers to the test token contract and your account will receive the equivalent number of Testnet BOKKY tokens. This TestERC20Token is not included in this bug bounty program.


The Bug Bounty - Reward Now 220 ETH

The maximum reward paid under this bounty is 50 ethers for bugs that would result in the loss of ethers and/or tokens. In addition to the bounty reward, you will be entered into The BokkyPooBah Hall of Fame.

This amount will be supplemented by any donations to the https://cryptoderivatives.market/ donation address 0x000001f568875f378bf6d170b790967fe429c81a during the months of January and February 2017. Donations so far are:

  • Jan 21 2017 - Tx #0xeecd2155, 3 ETH. The maximum reward is now 53 ETH.
  • Jan 23 2017 - A very generous donation, Tx #0xcc9226e3..., of 55 ETH. The maximum reward is now 108 ETH.
  • Feb 12 2017 - /u/JonnyLatte, the original TokenTraderFactory author, has matched the 108 ETH bug bounty with an additional 108 ETH - 0x4ddb6065....
  • Feb 14 2017 - Bartosz Ocytko has been awarded 40 ETH for finding some (impossible in real life, but very useful to know) overflow conditions - see below for details. I will add another 40 ETH to the bug bounty, bringing the new balance to 216 ETH.
  • Feb 26 2017 - Another donation, Tx 0xc3468cd4..., of 4 ETH. Thank you! The new bug bounty balance is 220 ETH.

Note:

  • Feb 05 2017 - /u/JonnyLatte, the original TokenTraderFactory author, has found a bug in the TokenTraderFactory (see below) but has decided not to claim the bounty.

Please email bugbounty@cryptoderivatives.market to report any bugs you find in the contracts.


Contributing To The Bug Bounty

If you want to support this bug bounty (and https://cryptoderivatives.market/), please consider a donation to the address listed above. Executing trades on this site does not cost anything more than the standard Ethereum gas fees.


Rules And Rewards

  • Bugs that have already been submitted by another user or are already known to the BokkyPooBah are not eligible for bounty rewards.
  • Public disclosure of a vulnerability makes it ineligible for a bounty.
  • You can deploy the contracts on your private chain for bug hunting. Please respect the Ethereum Mainnet and Testnet and refrain from attacking them.
  • The value of rewards paid out will depend on the severity of the bugs found. Determination of this amount is at the sole and final discretion of the BokkyPooBah, but the BokkyPooBah will be fair.


The BokkyPooBah Hall of Fame

  1. Feb 05 2017 - /u/JonnyLatte, the original TokenTraderFactory author, has found a bug in the TokenTraderFactory code when it interacts with the 🦄 Unicorn token, where the natural unit is 1.

Here are the diffs of the fixed bug in TokenTraderFactory and TokenSellerFactory.

  2. Feb 14 2017 - Bartosz Ocytko has found an overflow condition that allows the GNTTokenTrader, TokenTrader and TokenSeller contracts to exchange the tokens for very little ether. The conditions for this situation to occur are very, very unlikely, as it requires:
  • the ERC20 token supply to be at least 2^256 - 1
  • the Maker to create a TokenTrader or TokenSeller contract with sellPrice = 2^256 - 1 and units = 1
  • the Maker to transfer 2^256 - 1 tokens to the newly created contract

All the existing GNTTokenTrader, TokenTrader and TokenSeller contracts as listed on the https://cryptoderivatives.market/ site are safe from the overflow bug described above, as:

  • There are no tokens with supply 2^256 - 1
  • If there were a token with supply 2^256 - 1, it is even more unlikely that the Maker would own this whole amount
  • GNTTokenTrader, TokenTrader and TokenSeller contracts with sellPrice = 2^256 - 1 are automatically filtered out by the existing "reasonableness" checks
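To make the overflow condition concrete, here is an added example that is not part of this page or of the TokenTrader/TokenSeller contracts. It models uint256 arithmetic in Python and assumes the contracts price a sale as tokens * sellPrice / units (that formula is an assumption, not taken from the page). With the reported inputs the wrapped product is exactly 1 wei, which is why the tokens would go for "very little ether"; the checked variant shows the SafeMath-style guard a maintainer would want, and the last function is one form the listing-time "reasonableness" check could take.

```python
# Added example: models EVM uint256 arithmetic to illustrate the overflow
# condition reported for GNTTokenTrader/TokenTrader/TokenSeller. The pricing
# formula (ethers = tokens * sellPrice / units) is an ASSUMPTION about the
# contracts, not code from the page.

UINT256_MAX = 2**256 - 1


def mul_wrapping(a: int, b: int) -> int:
    """Multiply as an unchecked Solidity uint256 would: wrap modulo 2^256."""
    return (a * b) & UINT256_MAX


def mul_checked(a: int, b: int) -> int:
    """Multiply and raise (like a SafeMath assert) if the product overflows."""
    product = a * b
    if product > UINT256_MAX:
        raise OverflowError("uint256 multiplication overflow")
    return product


def ether_owed_wrapping(tokens: int, sell_price: int, units: int) -> int:
    """Wei the contract would pay for `tokens` with unchecked arithmetic."""
    return mul_wrapping(tokens, sell_price) // units


def ether_owed_checked(tokens: int, sell_price: int, units: int) -> int:
    """Same quote, but the multiplication aborts on overflow."""
    return mul_checked(tokens, sell_price) // units


def price_fits_supply(sell_price: int, total_supply: int) -> bool:
    """Listing-time sanity check (assumed form): reject a sellPrice that could
    overflow even if the contract held the token's entire supply."""
    return sell_price <= UINT256_MAX // total_supply


if __name__ == "__main__":
    # Constructed inputs: the exact condition from the bounty report.
    tokens = UINT256_MAX      # 2^256 - 1 tokens transferred to the contract
    sell_price = UINT256_MAX  # sellPrice = 2^256 - 1
    units = 1                 # units = 1

    # (2^256 - 1)^2 mod 2^256 == 1, so the unchecked quote is a single wei.
    print("unchecked quote (wei):", ether_owed_wrapping(tokens, sell_price, units))

    try:
        ether_owed_checked(tokens, sell_price, units)
    except OverflowError as exc:
        print("checked quote:", exc)

    # A normal listing (constructed): 10 tokens at 2 ether per whole token.
    print("sane quote (wei):", ether_owed_checked(10 * 10**18, 2 * 10**18, 10**18))
    print("2^256-1 price passes listing check:",
          price_fits_supply(UINT256_MAX, UINT256_MAX))
```

The point of the checked path is not the arithmetic itself but where it fails: a reverted sale leaves the Maker's tokens in the contract, whereas the wrapped product silently hands them over for 1 wei.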

Following is Ocytko's email detailing the overflow conditions:

For his efforts in pointing out this condition and suggesting a fix, 40 ETH has been awarded to Bartosz. Thanks Bartosz for auditing the contracts and helping keep them safe!

  3. Sep 23 2017 - softestcore found a "minor" vulnerability in a separate bug bounty and has been awarded 3 ETH. Details will be included after the upstream owners of the source have been fully informed and have had time to rectify this issue if necessary.

  4. {{Your Name Here?}}
