Melon Bug Bounty

CALL TO ACTION: HACK THE MELON AND EARN THE RIGHT TO UP TO 500 MLN

The Melon team has officially deployed the first Melon fund on the Ethereum main net, in the context of the Melonport AG Bug Bounty Program.

The Melon fund has been deployed at the following address: 0x07DF3a090599dF552C00C60604c14A08B95D93d5. The fund will be managed by Melonport AG and will be live for about 2 weeks. 500 MLN have been invested in the fund by Melonport AG (ie. put at stake).

Melon Bug Bounty fund is live.

You got it, this is the time to show off your hacking skills.

Bug Bounty Program

In order to test the security of our smart contracts and thereby to detect possible bugs/vulnerabilities in our code, we invite and challenge everyone out there to try and extract the 500 Melon tokens from the deployed Melon Fund, using solely technical means (hacking of software code).

In the event that all or a portion of the 500 Melon are successfully extracted using technical means, the participant will be rewarded with the right to keep the 500 Melon tokens that he/she extracted from the Bounty Melon Fund.

Writing up a report around the full method of extraction in writing to security@melonport.com will lead to the full reward as well as a possible added bonus.

If one happens to find a vulnerability regarding the safety of the funds within our smart contracts, which is different than extracting the funds from the contract (eg. locking the funds, destroying the funds -all fun and fancy things), please report the bug to security@melonport.com. In case the report is valid and the vulnerability has not been executed, Melonport AG may decide to reward you with up to 500 MLN.

We kindly ask anyone who wishes to participate to carefully read the terms and conditions of this Bug Bounty Program, right there.

I just want to hack around, what is this?

Melon is a blockchain software that seeks to enable participants to set up, manage and invest in technology regulated investment funds in a way that reduces barriers to entry, while minimizing the requirements for trust. It does so by leveraging the fact that digital assets on distributed quasi-Turing Complete machines can be held solely by smart-contract code, and spent only according to preprogrammed rules within this code.

In other words, the Melon protocol is a set of smart contracts that define the rules by which a technology regulated fund can be managed, and its underlying assets spent. A Melon Fund is a smart contract by itself, that is intended to hold digital assets, and therefore large amount of value.

If you manage to extract the digital tokens held by the Melon fund smart contract, and transfer them to an address under your control, then you can rightfully keep the Melon tokens extracted (promised, no hard feelings).

This Bug Bounty program intends to test the robustness of our reference implementation of the Melon protocol, which is written in Solidity as of now.

Useful resources:

The Melon team hopes you have a pleasant dive into the Melon code. That being said, we know you like us, but now is time to put your feelings to the side and hack us!

As always, if you have any questions, please join our Gitter channel or Telegram channel.

One more thing: The Melon frontend is linked up to the main net and deployed as a Parity Dapp (just in case you want to create your own fully decentralized technology regulated fund…).

Melon Team ❤

NB: At the time of publishing this post, the Melon Bug Bounty Fund has been funded with ~476 MLN. The remaining will be added in the next 24 hours.

This blog post is subject to change as the research & development phase is ongoing. Melonport will aim to update blog-posts regularly to represent our latest thinking on a best-efforts basis but there may occasionally be time-lags between latest thinking and updated documentation. With this in mind, the author of this blog assumes no responsibility or liability for any errors or omissions in the content of this blog.