Critical Instanbul Bugs: 20 ETH Bounty, subject to exponential decay conditions set below. | gitcoinco Funded Issue Detail | Gitcoin

The Global Communities Virtual Hackathon runs December 2nd to December 17th - Check out the Details. ×

Grow Open Source

Back to Issue Explorer

Time left

Opened

Issue Type

Workers Auto Approve

Project Type

Time Commitment

Experience Level

Permissions

Accepted

Reserved For

Description

Contributors

Work Started

Work Submitted

Work Paid

All Activity

Funder

Funder :

Email :

Critical Instanbul Bugs: 20 ETH Bounty, subject to exponential decay conditions set below.gitcoincoEcosystemThis bounty is inspired by [The broken EIP security incentive](https://medium.com/@decanus/the-broken-eip-security-incentive-71fbdf25ab02). This is a bounty worth up to 20 ETH for any Istanbul Hard Fork EIP - that has been accepted into the Istanbul HardFork by the core devs. - that you can find a *critical* security hole in. Severity is judged by the OWASP model, as my discretion: ![owasp-chart-1024x410](https://user-images.githubusercontent.com/513929/32194887-42f708f4-bd81-11e7-9e46-68f9c5744bf5.png) Payouts will be as follows: * Critical: 20 ETH, subject to exponential decay conditions set below. * High: 5 ETH, subject to exponential decay conditions set below. * Medium: Gitcoin Kudos * Low: Gitcoin Kudos * Note: Gitcoin Kudos # Bounty Payout Exponential Decay In order to incentivize the community to find bugs in the EIPs *early*, I will be applying the following exponential decay to the bounty payouts. * May 15th (when EIPs are finalized for Istanbul) -- 100% payout (20 ETH) * Instalbul Hard Fork Date (which I'm told is in the Fall sometime) - 25% payout (5 ETH) The decay curve of the bounty is visualized via this curve, which I have lifted from [this post](https://medium.com/@decanus/the-broken-eip-security-incentive-71fbdf25ab02): # Other terms * If you are a funder who would like to increase the incentive for this bounty to be solved early, and would like to do so by contributing to this bounty, please use the "contribute funds" feature on Gitcoin. * I will pay out the bounty with my funds once. If subsequent bugs are found in other EIPs, we will have to crowdfund the payouts. * Bounty must be claimed by a security researcher who is not an author of the EIP, and has not colluded with the EIP authors in any way. If collusion is detected, then any claims on the bounty by colluders are null & void. * Happy Bug Hunting

2019 September 19 - Gitcoin's Virtual Hackathon series has distributed over $400k to hackers across the world. Learn more

Transaction Processing

Work with ${user} again on your next bounty ?

No funded issue found.