[Bug Bounty: up to 50 ETH] Kleros - Realito Integration #244

Open
clesaege opened this issue Mar 27, 2019 · 8 comments

@clesaege
Member

commented Mar 27, 2019

Kleros - Realitio Integration

This is a bug bounty on the Realitio Arbitrator Proxy contract and on Realitio.

Bugs are rewarded up to 50 ETH according to this classification:

  • Critical Bugs: 50 ETH
    for bugs that can significantly change the result of the Oracle or lead to a party losing a significant amount of ETH.
  • Major Bugs: 25 ETH
    for bugs that can prevent a party from winning a significant amount of ETH it should otherwise have won.
  • Minor Bugs: 5 ETH
    for smaller bugs.

If you find a bug you can send a mail to clement@kleros.io and enrique@kleros.io.

Realitio Arbitrator Proxy

Bounty

Smart Contract Guidelines

We use those guidelines to write smart contracts. In particular, we do not try to prevent stupid behaviors at the contract level but leave this task to the UI. Leaving a user the possibility to harm itself is not a vulnerability (but should of course be dealt with at the UI level).

Violations of guidelines are not vulnerabilities but can be reported as "suggestion for tips". Note that we've developed the proxy but not Realitio. This means Realitio code may follow different guidelines.

Bounty Rules

  • If you have any questions, don't hesitate to ask on the slack channel (slack.kleros.io #smart-contract-review) or by sending a mail to clement@kleros.io.
  • All this code is provided under MIT license and can be reused by other projects. If you don't hesitate to inform us and we may list your deployed contracts in the @deployed of the RAB pragma.
  • Good luck hunting and have fun hunting!

@clesaege clesaege pinned this issue Mar 27, 2019

@gitcoinbot

commented Mar 27, 2019

Issue Status: 1. Open 2. Started 3. Submitted 4. Done


This issue now has a funding of 5.0 ETH (691.06 USD @ $138.21/ETH) attached to it as part of the @kleros fund.

@clesaege clesaege changed the title [Bug Bounty: up to 50 ETH] Keros - Realito Integration [Bug Bounty: up to 50 ETH] Kleros - Realito Integration Mar 27, 2019

@gitcoinbot

commented Mar 27, 2019

Issue Status: 1. Open 2. Cancelled


The funding of 5.0 ETH (691.06 USD @ $138.21/ETH) attached to this issue has been cancelled by the bounty submitter

@gitcoinbot

commented Mar 27, 2019

Issue Status: 1. Open 2. Started 3. Submitted 4. Done


This issue now has a funding of 5.0 ETH (691.06 USD @ $138.21/ETH) attached to it as part of the @kleros fund.

@gitcoinbot

commented Apr 6, 2019

Issue Status: 1. Open 2. Started 3. Submitted 4. Done


Work has been started.

These users each claimed they can complete the work by 4 days, 5 hours from now.
Please review their action plans below:

1) cliff-burchfield has started work.

Hello,

I am new to the bounty program and was searching around trying to figure out where to start. Should I just pull the repo and start tinkering around for bugs? I know this is pretty basic but I'm new to this space. Please let me know when you get a chance.

Learn more on the Gitcoin Issue Details page.

@clesaege

Member Author

commented Apr 6, 2019

Hi,

Yes, you can search for bugs on the contracts mentioned in the issue.

Cheers,

@gitcoinbot

commented Apr 8, 2019

Issue Status: 1. Open 2. Started 3. Submitted 4. Done


Work has been started.

These users each claimed they can complete the work by 14 hours from now.
Please review their action plans below:

1) cliff-burchfield has started work.

Hello,

I am new to the bounty program and was searching around trying to figure out where to start. Should I just pull the repo and start tinkering around for bugs? I know this is pretty basic but I'm new to this space. Please let me know when you get a chance.

Learn more on the Gitcoin Issue Details page.

@pacamara

commented Apr 8, 2019

@clesaege Hi! Have emailed you POC code for an attack. 🍻

@pacamara

commented Apr 10, 2019

The issue has been discussed privately with the funders and is not deemed a live security risk. However a couple of suggestions for minor improvements arise from it, which I've filed above.
