We’re excited to announce that our COIN Token and crowdsale contracts are ready for review!

A professional audit has been performed by Hosho group, however, we invite all developers to review our code, provide feedback, and report any issues. In return, our bug bounty program will compensate the community for discovering issues that could potentially impact the security and performance of token itself.

Program Details

The scope of our bug bounty program includes the following contracts related to the COIN Token:

CoinvestToken.sol

ICO.sol

The COIN Token is a standard ERC223 token and the requirements for the ICO contract are listed on the GitHub readme located here: https://github.com/RobertMCForster/CoinvestAudit

Check out the following resources for detailed information regarding:

The bug bounty program runs from the publication of this post through the 3rd of March.

Compensation

Our team will assess each submission individually and assign a level of severity according to its likelihood and impact to the security and performance of the token itself. Compensation will depend on the severity of the issue found.

Rewards:

Critical: 10 ETH

A critical bug is a bug that will enable stealing of funds, loss of funds, or permanent disablement of a contract.

10 ETH A critical bug is a bug that will enable stealing of funds, loss of funds, or permanent disablement of a contract. High: 5 ETH

A high bug significantly affects the ability of the contract to operate. These would include ERC incompatibilities and non-working functions.

5 ETH A high bug significantly affects the ability of the contract to operate. These would include ERC incompatibilities and non-working functions. Medium: 2 ETH

Medium bugs entail an issue regarding the contract not operating as it was designed. For example, if the whale limit on our contract was able to be bypassed, that would be a medium bug.

2 ETH Medium bugs entail an issue regarding the contract not operating as it was designed. For example, if the whale limit on our contract was able to be bypassed, that would be a medium bug. Low: .5 ETH

Low bugs are less significant errors such as a send being able to fail without throwing.

.5 ETH Low bugs are less significant errors such as a send being able to fail without throwing. Informational: 0.1 ETH

Informational errors have no impact on the operation of a contract but should be brought to attention, such as a comment not matching the updated code.

All bugs are rewarded at the sole discretion of our team using the OWASP risk / severity model.

Note: Coinvest employees and paid auditors are not eligible for bounty compensation.

Please report bug bounty submissions to security@coinve.st.

For more information, please visit our website. Should you have any questions, please reach out to us on our Discord.