Contracts were updated. Please check the new addresses below. Changes allow for better tracking of GNO token transfers.

Welcome again bounty hunters!

Following our first bug bounty we are starting the next round of our bug bounty program for all contracts and software relevant for our upcoming token launch. Read more about our token launch mechanics here.

Major bugs will be rewarded with up to $5,000. Much higher rewards are possible (up to $50,000) in the case of very severe vulnerabilities. All rewards are paid in GNO tokens after the auction ends.

$500: Any specification bug in this document.

$5,000: Any bug leading to a redeploy of our auction.

$20,000: Bugs allowing trusted parties to “steal” funds.

Example: A multisig owner can move funds above the daily limit without multisig confirmation.

$50,000: Bugs allowing non-trusted third parties to steal funds.

Example: An unauthorized third party can move funds out of the multisig.

Most of the rules on https://bounty.ethereum.org apply. For example: first come, first served. Issues that have already been submitted by another user or are already known to the team (such as these) are not eligible for bounty rewards.

A brief introduction to the Dutch auction contract

Before the auction starts:

The Dutch auction starts at a very high price per GNO token. The price decreases with every block:

gnoPrice = priceFactor * 1 ether / (block.number - startBlock + 7,500) + 1

In code: https://github.com/ConsenSys/gnosis-contracts/blob/security_audit/contracts/solidity/DO/DutchAuction.sol#L236

The priceFactor will be selected by the Gnosis team shortly before the auction starts. It is chosen such that the start price for one GNO will be $30 at the time the auction starts. The maximum receivable amount (ceiling) is ETH valued at $12.5M.

The ceiling amount in ETH will be set shortly before the auction starts using the changeSettings function. After the auction starts, neither the ceiling nor the priceFactor can be changed.

The auction is triggered by a transaction from the Gnosis multisig wallet to the Dutch auction contract's startAuction function.

During the auction:

Bids are accepted via the bid function until the ceiling or the stop price is reached (gnoPrice <= stopPrice). The stop price is based on the following formula:

stopPrice = totalReceived / 9,000,000 + 1

In code: https://github.com/ConsenSys/gnosis-contracts/blob/security_audit/contracts/solidity/DO/DutchAuction.sol#L226

The stop price guarantees that the Gnosis team retains at least 10% of all tokens: the final price can never be lower than the stop price, and at the stop price the ETH received buys fewer than 9,000,000 GNO, so at least 10% of the supply stays unsold.

ETH is sent to the Dutch auction contract, which forwards it to the multisig contract in the same transaction. The Dutch auction contract will never hold ETH.

The bid function allows bidding on behalf of another user (the receiver). This is required for a ShapeShift integration allowing users to directly buy GNO with any supported currency.

If a bid exceeds the ceiling, the maximum amount will be bid and the difference will be returned (to the receiver).

After the auction:

After the auction has ended, there is a one week waiting period.

After the one week waiting period everyone can claim their tokens with the claimTokens function and trading can start.

Because of rounding, every bidder's GNO share may be rounded down by up to 1 GNO wei. This is why the auction contract may still hold up to #(bidders) GNO wei after every bidder has claimed their tokens.
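The mechanics above (price curve, stop price, ceiling cap with refund, and the per-bidder rounding on claim) as an integer model in Python, written for this post as an added example to sanity-check the spec; it is not the Gnosis contract. It assumes a total supply of 10,000,000 GNO (so that selling at most 9,000,000 leaves 10%), 18-decimal GNO wei like ETH wei, and, as a modelling choice not stated in the post, that a single bid is additionally capped so it cannot push the stop price above the price it was made at. The scenario values (priceFactor 750, 100 ETH ceiling, bidders alice and bob) are constructed.

```python
from typing import Dict, Optional, Tuple

ETHER = 10**18                          # wei per ETH
GNO_WEI = 10**18                        # GNO wei per GNO (assumption: 18 decimals, like ETH)
TOTAL_SUPPLY = 10_000_000 * GNO_WEI     # assumption: 10M GNO exist; 9M offered, >= 10% retained
MAX_TOKENS_SOLD = 9_000_000 * GNO_WEI   # the 9,000,000 in the stop price formula
START_OFFSET = 7_500                    # the +7,500 in the price formula


def token_price(price_factor: int, blocks_since_start: int) -> int:
    """gnoPrice = priceFactor * 1 ether / (block.number - startBlock + 7500) + 1,
    in wei per whole GNO; strictly decreasing in the block number."""
    return price_factor * ETHER // (blocks_since_start + START_OFFSET) + 1


def stop_price(total_received: int) -> int:
    """stopPrice = totalReceived / 9,000,000 + 1, in wei per whole GNO."""
    return total_received // (MAX_TOKENS_SOLD // GNO_WEI) + 1


class DutchAuction:
    """Accepted bids per receiver and, once ended, the clearing price.
    Only amounts are tracked; forwarding ETH to the multisig is outside the model."""

    def __init__(self, price_factor: int, ceiling: int) -> None:
        self.price_factor = price_factor
        self.ceiling = ceiling
        self.total_received = 0
        self.bids: Dict[str, int] = {}
        self.final_price: Optional[int] = None

    def ended(self) -> bool:
        return self.final_price is not None

    def bid(self, receiver: str, amount: int, blocks_since_start: int) -> Tuple[int, int]:
        """Bid `amount` wei on behalf of `receiver`. Returns (accepted, refunded)."""
        if self.ended():
            return 0, amount
        price = token_price(self.price_factor, blocks_since_start)
        if price <= stop_price(self.total_received):
            # The curve has decayed to the stop price: close at the stop price and
            # take nothing from this bid (assumption: the first transaction after
            # the crossing settles it, since state only changes in transactions).
            self.final_price = stop_price(self.total_received)
            return 0, amount
        # Cap by the ceiling (from the post) and, a model assumption, so that one
        # bid cannot push the stop price above the price it was made at.
        max_wei = min(self.ceiling - self.total_received,
                      MAX_TOKENS_SOLD // GNO_WEI * price - self.total_received)
        accepted = min(amount, max_wei)
        self.bids[receiver] = self.bids.get(receiver, 0) + accepted
        self.total_received += accepted
        if self.total_received == self.ceiling:
            self.final_price = price                              # ended by ceiling
        elif accepted == max_wei:
            self.final_price = stop_price(self.total_received)    # ended by stop price
        return accepted, amount - accepted

    def sold_tokens(self) -> int:
        """GNO wei the received ETH buys at the clearing price."""
        assert self.final_price is not None, "auction still running"
        return self.total_received * GNO_WEI // self.final_price

    def claim(self, receiver: str) -> int:
        """claimTokens: each bidder's share is rounded down to whole GNO wei."""
        assert self.final_price is not None, "auction still running"
        return self.bids.get(receiver, 0) * GNO_WEI // self.final_price

    def dust_left(self) -> int:
        """GNO wei stranded in the contract after every bidder has claimed:
        one floor per bidder, so always below len(self.bids)."""
        return self.sold_tokens() - sum(self.claim(r) for r in self.bids)

    def retained_by_team(self) -> int:
        """Unsold GNO wei; the stop price keeps this at >= 10% of TOTAL_SUPPLY."""
        return TOTAL_SUPPLY - self.sold_tokens()


if __name__ == "__main__":
    # Constructed scenario: ~0.1 ETH start price, 100 ETH ceiling, two bidders.
    auction = DutchAuction(price_factor=750, ceiling=100 * ETHER)
    print(auction.bid("alice", 60 * ETHER, 0))    # 60 ETH accepted, no refund
    print(auction.bid("bob", 50 * ETHER, 100))    # 40 ETH accepted, 10 ETH refunded: ceiling hit
    print(auction.sold_tokens() / GNO_WEI, "GNO sold;", auction.dust_left(), "GNO wei stranded")
```

Running the model with a few large bids and a late bid after the curve has decayed shows both stated properties: sold tokens never exceed 9,000,000 GNO however the auction ends, and the GNO wei left in the contract after all claims is always smaller than the number of bidders.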

Scope of Gnosis Bug Bounty Program

Within scope:

JavaScript code interacting with smart contracts:

The contracts are deployed on the mainnet:

Contracts are compiled with Solidity version 0.4.4. The Solidity compiler should produce the same bytecode on every system. Please follow the instructions in the readme to deploy the contracts and reproduce the same bytecode: https://github.com/ConsenSys/gnosis-contracts/tree/security_audit#install

Use the tokenAuction.json file as input for the deploy script: python deploy.py -f deploy/tokenAuction.json

Out of scope:

Bugs related to Internet Explorer

All browser rendering bugs that don’t affect the display of critical information such as ETH or GNO amounts

Most user experience improvements on the frontend

https://github.com/ConsenSys/gnosis-contracts code that is outside the scope defined above

Examples of what’s in scope

Being able to obtain more tokens (GNO) than expected

Being able to obtain GNO from someone without their permission

Bugs in eth-lightwallet that lead to loss or theft of ETH

Bugs causing a transaction to be sent that was different from what a user confirmed: for example, a user transfers 10 GNO in the UI, but exactly 10 wasn’t transferred.

Examples of what’s out of scope

Most user experience improvements on the frontend, for example, some part of the website doesn’t update unless the page is refreshed

Submission deadline

The bug bounty ends on the day GNO becomes tradable, one week after the auction is over. However, the bounty program is still open for submissions regarding eth-lightwallet that have not been identified and fixed in newer versions of eth-lightwallet.

Responsible Disclosure Policy

If you comply with the policies below when reporting a security issue to us, we will not initiate a lawsuit or law enforcement investigation against you in response to your report.

We ask that:

You give us reasonable time to investigate and mitigate any issue you report before making public any information about the report or sharing such information with others.

You make a good faith effort to avoid privacy violations and disruptions to others, including (but not limited to) destruction of data and interruption or degradation of our services.

You do not exploit a security issue you discover for any reason. (This includes demonstrating additional risk, such as attempted compromise of sensitive company data or probing for additional issues.)

You do not violate any other applicable laws or regulations.

Contact

Email your submissions to: bounty@gnosis.pm

Don’t forget to include your BTC or ETH address so you can be rewarded (If more than one address is specified, only one will be used at the discretion of the bounty program administrators).

Anonymous submissions welcome.

For questions use the forum: https://forum.gnosis.pm/