New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Result of the Cointed (CTD) Token Bug Bounty program #11

Closed
vkonst opened this Issue Oct 20, 2017 · 5 comments

Comments

Projects
None yet
5 participants
@vkonst
Owner

vkonst commented Oct 20, 2017

Dear Issue reporters,

We want to thank everyone who contributed in the CTD smart contract Bug Bounty program.

Before Cointed published the CTD smart contract for public review, we had already charged the independent Swiss IT security company ChainSecurity with auditing the CTD smart contract. No serious bugs were found during this review. The public audit document of this review can be found here.

For the sake of transparency and impartiality, Cointed also charged ChainSecurity with the task to assess the severity of all issues reported as a result of the CTD Bug Bounty program.

The final result of the review is as follows:
Neither Cointed, nor ChainSecurity were able to find any “bug” in the issues, which have been reported.
Despite the fact that none of the reported issues represented what could be considered a “bug”, we still decided to change the contract’s code based on certain reports, because we care about deploying the most beautiful and clean code possible.

As a Thank-You for their work, we decided to compensate the issue reporters who suggested these changes anyway. The following issues have influenced the latest changes to the smart contract:

#5 by merlox: Overflowing issues and related ( … 3 issues )
Cointed’s Thank-You: 2 ETH

#2 & #3 by pauliax: function Approve in StandardToken.sol & Mark functions with a specific access level ( … 2 issues )
Cointed’s Thank-You: 1 ETH

#4 by codingupastorm: Constructor sets owner twice ( 1 issue )
Cointed’s Thank-You: 0.5 ETH

Further explanations have been posted as comments in the code.
With these changes, the code has now been deployed successfully. The full CTD smart contract can be found here.

The changes are also documented in the latest ChainSecurity public report found above.

The aforementioned Bountyhunters have two options to inform us of their ETH wallet address:

  1. Posting their ETH wallet address as a comment here
  2. Sending their ETH wallet address as a plaintext email to bugbounty@cointed.com and posting the SHA256 hash of the content here

A big Thank-You again to all participants from the whole Cointed IT department!

@vkonst vkonst changed the title from Provide results of the Bug Bounty program to Result of the Cointed (CTD) Token Bug Bounty program Oct 21, 2017

@pauliax

This comment has been minimized.

Show comment
Hide comment
@pauliax

pauliax Oct 24, 2017

D5BDD49632F5281C62257EB9C727FFF9AC16564E070A544A4EA5F033A646D5FC

pauliax commented Oct 24, 2017

D5BDD49632F5281C62257EB9C727FFF9AC16564E070A544A4EA5F033A646D5FC

@codingupastorm

This comment has been minimized.

Show comment
Hide comment
@codingupastorm

codingupastorm Oct 28, 2017

0xcc8a3e30396c32c4e6e94fca273a5827c1deb0ab

codingupastorm commented Oct 28, 2017

0xcc8a3e30396c32c4e6e94fca273a5827c1deb0ab

@merlox

This comment has been minimized.

Show comment
Hide comment
@merlox

merlox Oct 31, 2017

0x7461CCF1FD55c069ce13E07D163C65c78c8b48D1

merlox commented Oct 31, 2017

0x7461CCF1FD55c069ce13E07D163C65c78c8b48D1

@vkonst

This comment has been minimized.

Show comment
Hide comment
@vkonst

vkonst Nov 7, 2017

Owner

Cointed’s Thank-You has been paid out.
A big Thank-You again to all participants!

Owner

vkonst commented Nov 7, 2017

Cointed’s Thank-You has been paid out.
A big Thank-You again to all participants!

@vkonst vkonst closed this Nov 7, 2017

@brianrio

This comment has been minimized.

Show comment
Hide comment
@brianrio

brianrio Feb 16, 2018

0xfe4d5aDd80447972d168ED6A07106df5482f39BE

brianrio commented Feb 16, 2018

0xfe4d5aDd80447972d168ED6A07106df5482f39BE

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment