Graviton Exploit Exploration mission
This program provides rewards for the most comprehensive, well-considered and fully described submissions of potential vulnerabilities of Graviton app frontend, backend infrastructure, and smart contracts.
Please have a look at the bullet points below before starting your exploration mission.
- All bug reports must be submitted to [email protected], preferably with the subject "Graviton Exploit Exploration".
- Public disclosure of a vulnerability makes it ineligible for a reward.
- Please note that the infrastructure on Fantom and Ethereum, or Gnosis safe wallet are not part of the Exploit Exploration Mission (only Graviton products are subject to testing).
Graviton Exploit Exploration Mission considers a number of variables in determining rewards. Determinations of eligibility, quality assessment and all terms related to an award are at the sole discretion of multisig signers.
Please, submit a vulnerability using the following template:
- Your name *
- Your Telegram account *
- Short description of a vulnerability * Example: Remote Denial-of-service using non-validated blocks.
- Attack scenario * Example: An attacker can attempt to mine blocks which may require some resource-heavy computation (up to the maximum gasLimit) but provide no proof-of-work. If the attacker sends blocks continuously, the victim node may be forced into 100% CPU utilization.
- Components Example: Go client version v0.6.8
- Reproduction * Example: Send a block to a testnet node which contains many txs but no valid PoW (or a link to a Github Gist with reproduction details).
- Details Any other details not covered. Can also contain links to GitHub Gists, repos containing code samples, etc.
You can find the list of the test smart contracts on Fantom to be examined in the table below. Please note that any submissions of the user application bugs are also accepted.
Through the Faucet contract, you will be able to receive 100 test tokens per user (TestGTON and TestLP) required for testing the PortGTON и PortLP contracts.
contracts under review | | |
BalanceKeeper | 0xfe650Edf39B01b582EDFc75dE9CDC4e01C2a53CC | tracks user balances |
BalanceEB | 0xB6852Da1251e4fae8d62ac8110C222B99C54BF9F | updates balanceKeeper with values from farmEB and impactEB |
BalanceStaking | 0x0C873F0aa815815B434bf25C6be868d9Df981066 | updates balanceKeeper with values from farmStaking |
Voter | 0xAfEa79A5c1a862AE6443ebF5868d9BB4c491eF73 | here users can cast votes equal to their balances on balanceKeeper |
PortGTON | 0x4917b0D2a561716F63E0838f6A7D50c20a88cEeE | updates balanceKeeper on locking and unlocking GTON |
PortLP | 0x3f3E14906776a1d06Ce0aBfC066bb932d11e7A50 | updates balanceKeeper on locking and unlocking LP |
utility contracts | | |
TestGTON | 0x44ec6bcc2B3dC8b1bBB78c8dfb5C0d72Acd41D87 | |
TestLP | 0xFa40186cd2c0cb7B451E58a42f0b51a4F3c6C1E9 | |
Faucet | 0x5c2af6170F9031aB43a780376F993016d2eCfc70 | drops 100 testGTON and testLP per user |
support contracts | | |
farmStaking | 0xF1b64cB91FFE82F8eFF2575669856a28B30A0450 | calculates fading curve of staking |
farmEB | 0xa4e8C675f0E1DDbD2361324e909361ff9455222c | calculates fading curve of unlocking gton for early birds |
impactEB | 0x89bE71535fFC044CC829EE8B919Cd145d71154E4 | tracks early birds impacts
|
Last modified 1yr ago