(NEW THREAD - Reposting with Gimmer's official BTT account)
PLEASE BE ADVISED:
This Bug Bounty Program T&C's are currently under revision. All the stakes rewarded up until now will still be rewarded.
This Bug Bounty Campaign is now being handled by Rok420 We are happy to announce the Gimmer Bug Bounty programme, which will continue till the end of the Token Sale.As announced prior in our
Bounty Threadthe allocation will be:
Discretionary - 5% (200,000 GMR)
Referral Bounty - 18% (720,000 GMR)
Bug Bounty - 3% - (120,000 GMR)
Bot Wars - 0%
(Bot Wars will be rolling out after the token sale, using the funds allocated for marketing and acquisition)
The bounty judges will determine the size of the stakes reward (which can convert up to 10 ETH max. for an individual), based on their evaluation of both the likelihood and impact of the bug.
Low: Upto 1000 stakes
Medium: Upto 3000 stakes,
Severe: Upto 7000 stakes, Please send your bug reports to
[email protected], with the subject
“BUG BOUNTY” and do join us on our
Bug Bounty Telegram Channel. As soon as your bug report is received, our bounty judges will evaluate the severity of the bug and will contact you.
Most of the rules on the Ethereum Foundation bug bounty program apply:First come, first served.
Issues that have already been submitted by another user or are already known to Cappasity are not eligible for bounty rewards.
Public disclosure of a vulnerability makes it ineligible for a bounty.
Paid auditors of the code are not eligible for rewards.
Determinations of eligibility, score and all terms related to the award are at the sole and final discretion of Gimmer.
Scope
Find bugs in all contracts related to the Gimmer crowdsale. You may find them in our GitHub repository.
Test and search for bugs there. It is important to do testing on computers that comply with the minimum configuration.
Test the platform. Provide us with the information on ways to disable or disrupt the security system and its database.
Find an attack on the website or via a user account. Please describe the way attackers deceive contributors.
If none of the above describes your request, you still have a chance to receive a reward by sending the found vulnerabilities to us.
Files that should be scavenged for bugs:
GimmerTokenSale.sol
https://github.com/GimmerBot/gmr-token/blob/master/contracts/GimmerTokenSale.solManages PreSale and Crowd Sale transactions. Highest priority to bugscavenge, as the code is mostly new and directly related to our specific token sale rules.
GimmerTokenSale.js
https://github.com/GimmerBot/gmr-token/blob/master/test/GimmerTokenSale.jsAutomated tests for both the Token Sale and GMR Token contracts. Coverage tests using this file can achieve 94% coverage (100% seems impossible at the moment as there are lines in the contract that can never be executed because of date limitations).
GimmerToken.sol
https://github.com/GimmerBot/gmr-token/blob/master/contracts/GimmerToken.solContract file for the GMR token. Basically a MintableToken with the addition that it can only be traded after minting is complete. Code for the GimmerToken is mostly Zeppelins with the addition of the trading block, so for this file in particular we were already covered by Zeppelins.
Latest PDF Documentation for the contracts:
https://github.com/GimmerBot/gmr-token/blob/master/documentation/GimmerTokenSaleContracts.pdfBe WARNED that leaking any vulnerability of the platform on any social media platforms or channels will lead to cancellation of Bounty and might also invite legal action.
We would be happy to reward you Bug Bounty in the form of GMR tokens if you find out vulnerabilities which would affect the Gimmer ITO launch, in case any backdoors are left open.
HAPPY BUG HUNTING !!!