Graviton Exploit Exploration mission

This program provides rewards for the most comprehensive, well-considered and fully described submissions of potential vulnerabilities in the Graviton app frontend, backend infrastructure, and smart contracts.

Rules

Please have a look at the bullet points below before starting your exploration mission.

  • All bug reports must be submitted to [email protected], preferably with the subject "Graviton Exploit Exploration".

  • Public disclosure of a vulnerability makes it ineligible for a reward.

  • Please note that the infrastructure on Fantom and Ethereum and the Gnosis Safe wallet are not part of the Exploit Exploration Mission (only Graviton products are subject to testing).

Rewards

The Graviton Exploit Exploration Mission considers a number of variables in determining rewards. Determinations of eligibility, quality assessment and all terms related to an award are at the sole discretion of the multisig signers.

Template

Please submit a vulnerability using the following template:

The points marked with an asterisk (*) are obligatory.

  • Your name *

  • Your Telegram account *

  • Short description of a vulnerability *
    Example: Remote Denial-of-service using non-validated blocks.

  • Attack scenario *
    Example: An attacker can attempt to mine blocks which may require some resource-heavy computation (up to the maximum gasLimit) but provide no proof-of-work. If the attacker sends blocks continuously, the victim node may be forced into 100% CPU utilization.

  • Components
    Example: Go client version v0.6.8

  • Reproduction *
    Example: Send a block to a testnet node which contains many txs but no valid PoW (or a link to a GitHub Gist with reproduction details).

  • Details
    Any other details not covered. Can also contain links to GitHub Gists, repos containing code samples, etc.

Exploration Field

You can find the list of the test smart contracts on Fantom to be examined in the table below. Please note that any submissions of the user application bugs are also accepted.

Through the Faucet contract, you will be able to receive 100 test tokens per user (TestGTON and TestLP) required for testing the PortGTON and PortLP contracts.

Contracts under review

| Contract | Address | Description |
|---|---|---|
| BalanceKeeper | 0xfe650Edf39B01b582EDFc75dE9CDC4e01C2a53CC | tracks user balances |
| BalanceEB | 0xB6852Da1251e4fae8d62ac8110C222B99C54BF9F | updates balanceKeeper with values from farmEB and impactEB |
| BalanceStaking | 0x0C873F0aa815815B434bf25C6be868d9Df981066 | updates balanceKeeper with values from farmStaking |
| Voter | 0xAfEa79A5c1a862AE6443ebF5868d9BB4c491eF73 | here users can cast votes equal to their balances on balanceKeeper |
| PortGTON | 0x4917b0D2a561716F63E0838f6A7D50c20a88cEeE | updates balanceKeeper on locking and unlocking GTON |
| PortLP | 0x3f3E14906776a1d06Ce0aBfC066bb932d11e7A50 | updates balanceKeeper on locking and unlocking LP |

Utility contracts

| Contract | Address | Description |
|---|---|---|
| TestGTON | 0x44ec6bcc2B3dC8b1bBB78c8dfb5C0d72Acd41D87 | |
| TestLP | 0xFa40186cd2c0cb7B451E58a42f0b51a4F3c6C1E9 | |
| Faucet | 0x5c2af6170F9031aB43a780376F993016d2eCfc70 | drops 100 testGTON and testLP per user |

Support contracts

| Contract | Address | Description |
|---|---|---|
| farmStaking | 0xF1b64cB91FFE82F8eFF2575669856a28B30A0450 | calculates fading curve of staking |
| farmEB | 0xa4e8C675f0E1DDbD2361324e909361ff9455222c | calculates fading curve of unlocking gton for early birds |
| impactEB | 0x89bE71535fFC044CC829EE8B919Cd145d71154E4 | tracks early birds impacts |