Gnosis Launches Bug Bounty Program for DutchX
Gnosis (GNO) is running a bug bounty for recently revised smart contracts on its DutchX platform, according to a blog post dated May 06, 2019. There are three tiers of bounty: high ($10,000), ($5000), and low ($1000). The Magnolia (MGN) pool on DutchX will have $5000 of ETH and $5000 of GNO to incentivize people to hack it.
Bug Bounty Paid in Ether
One of the oldest projects on the Ethereum blockchain, Gnosis, has freshly deployed smart contracts to its decentralized trading protocol, DutchX, in order to quickly rectify any bugs in the contracts. There are two new smart contracts on DutchX: an arbitrage contract and an MGN pool that acts as an ERC-20 pooling contract.
The arbitrage contract is between DutchX and Uniswap, a fully decentralized exchange also built on the Ethereum blockchain, while the MGN pool contract is built to enable easy and continuous user engagement in the sell side of DutchX auctions with minimal interaction. Both of these contracts have undergone a full audit process to ensure they are deployable.
The scope of the program includes all contracts that come under the purview of both of these integrations on the platform. A bug does not necessarily have to result in the contract being redeployed to earn its finder a bounty; any attack that can steal funds or threaten the integrity of the network would be considered a high threat and worthy of a $10,000 bounty.
Bots, browser bugs, manipulation of price feed, changing the GAS solution, and other points listed in the audit report are out of the scope of the bounty program and will not earn the finder anything. The bounty is currently active and will remain so until May 12, 2019, at 12:00 GMT+2.
Legal Action for Exploiting Vulnerabilities
The announcement on the Gnosis blog states that the company will not take legal action against reporters so long as they comply with the scope and certain statutes set by Gnosis.
The company asks for a reasonable time to investigate an issue report before any such information is made public. It also asks reporters to avoid privacy violations and disruption to others, and not to exploit any vulnerabilities to compromise the network or any of its participants.
All you have to do is report the bug to the email address posted on their blog, along with an ETH address to which any reward can be sent in the event the report is considered worthy of a bounty.