
Topic: [BOUNTY] Callisto Network - Cold Staking Contract Bug Bounty (Read 351 times)

tio
jr. member
Activity: 133
Merit: 7
“Everything you need to know about Cold Staking”

This article was posted today by @Dexaran on Medium. Please visit the link below to read it in full.


https://medium.com/@dexaran820/everything-you-need-to-know-about-cold-staking-6260c3c8305f
tio
jr. member
Activity: 133
Merit: 7
We invite everyone to join our $CLO #BugBounty program!

https://github.com/EthereumCommonwealth/Cold-staking
full member
Activity: 1540
Merit: 121
Callisto Network - Security Audits & Cold Staking

     


           


Callisto Network is a decentralized open source crypto platform
based on the go-Ethereum source code with its own cryptocurrency CLO.

The main goal of Callisto is to research and develop a reference implementation
of a self-sustaining, self-governed, self-funded blockchain
ecosystem and development environment.

Callisto aims to establish a secure and contribution-friendly environment
for further protocol development and improvements.
Callisto will rely on a built-in system of smart-contracts to achieve this goal.





THE COLD STAKING CONTRACT

One of the main features of Callisto is Cold Staking; this is a system contract of Callisto Network.
The main purpose of this contract is to allow users to stake their CLO by locking it for a certain period of time and receive interest on CLO emission as a reward.

A user stakes coins by simply depositing them into the contract.
The contract will receive 20% of the block reward - this is enforced at protocol level.
The user cannot withdraw his deposit or staked coins before a certain period of time.
If a staker is inactive for longer than 2 years he is considered to be inactive and is disposed from the staking contract.

The contract must allow users to :

1. Deposit CLO into the contract after the contract launch date (i.e. "stake" it)
2. Withdraw CLO after the specified amount of time,
3. Withdraw staking rewards.


The contract provides specific functionality for the Treasurer, allowing him to :

1. Stop/unstop the contract,
2. Withdraw the amount of funds allocated for staking rewards and
3. Remove his Treasurer role privileges (not earlier than at block 1800000).


Implementation Pattern :

   1. Security audit of the Cold Staking contract.

   2. Bug bounty.

   3. The contract will be compiled and deployed on Callisto Mainnet before the hardfork date.

   4. On 11th November, hardfork №1 will be enabled. The contract will start to receive 20% of block rewards. Staking will not be enabled instantly.

   5. On 12th November at 00:00 UTC, staking will become available.


Source Code - ColdStaking


For more information read the formula description or staking implementation discussion.




COLD STAKING CONTRACT'S AUDIT BY CALLISTO SECURITY AUDIT TEAM :


The official security audit of the cold staking contract by the Callisto team is available at :
https://github.com/EthereumCommonwealth/Auditing/issues/77

Here you can find the latest amendments that have been made to fix a couple of findings :
https://github.com/EthereumCommonwealth/Cold-staking/commit/17b42f220a5d55b39053a4f72b8c77b2fcafea57






THE BUG BOUNTY

Rewards are paid in CLO.
As of 11th October, 1 CLO = 0.00000221 BTC.

1. Critical issue : Up to 1,000,000 CLO (~2,2 BTC) reward for finding a critical bug. A critical error is an error that can be directly exploited and cause a loss of funds for cold stakers regardless of circumstances.

2. Medium severity issue : 200,000 CLO (~0,442 BTC) for finding security vulnerabilities and bugs that could not be directly exploited but can affect contracts in some specific circumstances and can cause a loss of funds for certain stakers. Any bugs that can occur in some specific circumstances and violate the contract's workflow, resulting in a loss of funds for cold stakers.

3. Low severity issue : 50,000 CLO (~0,11 BTC) for finding security vulnerabilities and bugs that cannot affect users other than the sender of the transaction. Any code flaw that grants a user an opportunity to harm himself by causing a loss of funds for his staking account.

4. Minor observation, non-security issue : 10,000 CLO for valuable code improvements, non-security issues and other flaw reports. Any code flaw that cannot cause a loss of funds or a direct breach of the contract but can cause inconveniences somehow.


NOTES

    - "Loss of funds" means loss of deposited stake only. Any loss of "staking reward" will be classified as a medium severity issue.

    - Comment improvements are not paid.

    - The cold staking contract is currently undergoing a security audit. Issues reported by security auditors also count. Security auditors do not receive bug bounty rewards since they are paid separate salaries.

    - Please do not reveal your bug reports before the end of the security audit (the end date of the security audit will be announced in the comment below).


PARTICIPATING

    - Create a secret gist.

    - Describe the bug in the created gist.

    - Wait for the security audit to end. Keep your gist private.

    - Publish the link to your gist (URL) on our Bug Bounty section on GitHub at the comment below.

The first person to create a bug-report gist will be rewarded. Reporting issues that were already reported will not be rewarded, i.e. if two persons report the same issue, only the one who did it earlier will be rewarded.

OUR BUG BOUNTY IS OPEN AND WILL BE RELEVANT UNTIL 11th NOVEMBER 2018