Workers Auto Approve
Loopring Protocol 3.0 Beta2 Bug Bounty
Ethereum, DEX, Protocol, ZeroKnowledgeProof, SmartContract, Solidity
**Loopring has allocated up to 1,000,000 LRC for those who identify significant security issues in [Loopring Protocol 3.0](https://medium.com/loopring-protocol/loopring-3-0-overview-from-a-to-zksnarks-2c542e6c07b0).**
Loopring is an orderbook-based DEX protocol. The [3.0 version](https://github.com/Loopring/protocols/blob/master/packages/loopring_v3/DESIGN.md) scales by migrating most storage and computation off the Ethereum blockchain. User balances and order trading histories are maintained as part of an off-chain Merkle tree per DEX.
Requests, such as deposits, withdrawals, order cancellation, and trade settlements, are processed as batches to update the Merkle tree. For each batch, the DEX operators only need to publish a 32 bytes post-processing Merkle tree root to Ethereum - and then, asynchronously, provide a Zero-Knowledge proof to verify user balances and order trading histories have been updated strictly by the rules enforced by the protocol.
Thanks to SNARKs, Loopring can settle up to 660 trades per second. If the on-chain data-availability feature is enabled, Loopring can still settle 200 trades per second. We expect to implement a more efficient data compression solution to offer even higher throughput.
The current beta release, [v3beta2](https://github.com/Loopring/protocols/tree/loopring_v3_beta2_bin/packages/loopring_v3), supports the following features:
- Symmetric order modelling: All orders take the same format, regardless if they are maker orders or taker orders.
- Dual Authoring: This is inherited from the previous versions to prevent orders or settlement requests from being stolen.
- Order auto-scaling and partial matching.
- Withdrawal mode: When a DEX fails to fulfill duties enforced by the protocol, users can withdraw their full balances by providing valid Merkle proofs (and the DEX operator got slashed). If on-chain data-availability is on, Merkle proofs can be generated merely from on-chain data; otherwise, users will have to request data from DEX operators.
- Maintenance mode: Loopring provides a way for DEX operators to temporarily suspend user requests so they can upgrade their infrastructure. This is critical to ensure DEXes can be truly production-ready.
- Proactive withdrawal distribution: Loopring DEX operators distribute approved withdrawn balances back to users' addresses in a proactive way. This means users do not have to take a second action to get their tokens back to their own wallets - same as centralized exchanges.
### Bounty Rules
- We'll pay up to **250,000 LRC** for each critical bug, defined as a bug that causes all funds to be susceptible to loss;
- up to **100,000 LRC** for each bug that causes one user's funds to be susceptible to loss;
- and up to **50,000 LRC** for other bugs.
- **(updated) This bounty program is valid for 3 months (Oct 13, 2019).***
Performance enhancement suggestions are welcomed but do not qualify for bounties. We have many existing ideas on how to improve the throughput and/or lower the cost. That said, if your idea is truly inspiring and eventually gets adopted, we may still grant you some tokens at our discretion.
This bounty program is set up **only for the Smart Contracts** in [v3beta2](https://github.com/Loopring/protocols/tree/loopring_v3_beta2_bin/packages/loopring_v3), circuits excluded. Bugs found in other versions don't qualify. The [Design Doc](https://github.com/Loopring/protocols/blob/master/packages/loopring_v3/DESIGN.md) is something **you must read** to understand the overall design and solidity code.
### How to participate
- Create an issue at https://github.com/Loopring/protocols/issues.
- Prefix your issue with **[Protocol3]**, and add **Loopring Protocol 3** as Projects. Please also label it as **Bug** and **Bounty** .
- If you just want to reach out to ask questions, please also create an issue - unless there is a duplicate one, and label it as **discussion** instead.
Thanks! Looking forward to the community's help. Happy hunting!
### Important Update:
**When you identified a bug, please check if it has already been fixed on the master branch. If so, the bug is not valid for claiming a reward.**
Setup your profile
Tell us a little about you:
No results found for
Type to search skills..
Required [[totalcharacter]] / 240
Are you currently looking for work?
[[ option.string ]]
Setup your profile
Our tools are based on the principles of earn (💰), learn (📖), and meet (💬).
Select the ones you are interested in. You can change it later in your settings.
I'm also an organization manager looking for a great community.
Enable your organization profile
Gitcoin products can help grow community around your brand. Create your tribe, events, and incentivize your community with bounties. Announce new and upcoming events using townsquare. Find top-quality hackers and fund them to work with you on a grant.
These are the organizations you own. If you don't see your organization here please be sure that information is public on your GitHub profile. Gitcoin will sync this information for you.
Select the products you are interested in:
Out of the box you will receive Tribes Lite for your organization. Please provide us with a contact email: