Review the smart contracts and tests in this repository. Identify and propose a fix for a bug. Submissions will be reviewed by the Bloom team and rewards will be issued according to the severity. Here are some examples of what to look for:
- Public/external/internal/private visibility on functions. Check to make sure anything public cannot be abused.
- Proper modifiers to restrict access to certain functions, like `onlyDuringInitialization`.
- Front-running attacks: can someone submit delegated transactions in a different order or use the same signature in different functions to have different effects?
- Token escrow: can tokens ever be minted? Check the math for adjusting escrow balances.
- Signature re-use: are all signatures burned after using them so they can't be replayed?
- Test coverage: run the tests (`./bin/test`) and review the test cases; check for missing test scenarios.
- Third-party contracts like `Ownable.sol`, `SafeMath`, `SafeERC20`. Are they used appropriately?
Here is our bug bounty payment rubric/guideline: