Check out the Issue Explorer
Looking to fund some work? You can submit a new Funded Issue here.
### Coinvest has opened our V3 token and Investment contracts bug bounty! ###
### Details ###
Our [readme](https://github.com/CoinvestHQ/COIN/blob/master/README.md) has details on the operation of the contract. Please review that before posting any bounties.
### Contracts ###
The contracts in scope are:
### Additional Intended Behavior ###
The COIN token is based on the ERC865 standard. This allows users to pay gas using COIN instead of ether when the transaction is sent through a delegate.
The previous version of the COIN token had a transaction malleability error stemming from using signatures as unique identifiers so keep an eye on this contract!
There is also a TokenSwap contract created in order to allow for the exchange of COIN V1 and COIN V2 to COIN V3. V1 is an ERC223 token, V2 is our old ERC865, and V3 is our new ERC865.
Investment, UserData, and Bank:
These contracts form an investment system that allows users to purchase and sell singular and indexed assets at market price. When a user purchases, CryptoCompare is queried through Oraclize for the current price of the asset, then funds are transferred from the user to the bank for safe-keeping.
UserData is then modified on a successful purchase and will keep track of all user holdings.
Buys and sells must be able to be made using COIN, must be able to be made using our token's pre-signed system, and must be able to exchange COIN for CASH or vice versa (to name a few requirements). CASH is a stablecoin element of our system that is not yet being launched, so for now we also need to be sure no vulnerabilities come from NOT having CASH.
The pre-audit version of this contract had a bug related to how the CryptoCompare API returns results so make sure to examine all parts of the system.
### Rewards ###
Critical: 15 ETH
A critical bug is a bug that will enable stealing of funds, major loss of funds, or permanent disablement of a contract.
Major: 5 ETH
A major bug significantly affects the ability of the contract to operate. These would include ERC incompatibilities (ERC865 not applicable because of its lack of maturity) and certain functions being unable to operate.
Minor: 1 ETH
Minor bugs entail an issue regarding the contract not operating as it was designed, but in a non-threatening manner.
### Contact Info ###
Please submit any bugs to firstname.lastname@example.org bugs should be e-mailed to us, not submitted as an issue. The Token Bug Bounty will end on 11/4/18 and the Investment Contracts Bug Bounty will continue indefinitely. All rewards are issued at the sole discretion of the Coinvest team.