Bug Bounty
Whitehack2earn (h2e). Use your skills for the good of web3. Make the world a better and get profit.
At Envelop, we classify bugs on a widely used scale. For version 1 of the protocol, we identify the following directions of attack:Critical
  • Blocking to user unwrapping of wNFT and getting collateral
  • User`s funds losing during wrapping or adding collateral
  • Withdrawing tokens of collateral without unwrapping of own or someone else's wNFT
  • Withdrawing original NFT without unwrapping of own or someone else's wNFT
  • Getting collateral tokens during unwrapping of wNFT more than was added in it
  • Increasing amount of collateral tokens in accounting registers of smart contracts
  • Decreasing amount of collateral tokens in accounting registers of smart contracts
  • Changing owner of smart contracts
  • Withdrawing native tokens from smart contracts addresses of protocol
  • Withdrawing ERC20 tokens from smart contracts addresses of protocol
  • Withdrawing ERC721 or ERC1155 tokens from smart contracts addresses of protocol
High
  • Unauthorized Adding address of smart contract in whiteList
  • Unauthorized Adding address of smart contract in blackList
Medium
  • Unbounded gas consumption
  • Increasing of gas consumption with every next operation
  • Blocking possibility to wrap NFT
  • Blocking possibility to add collateral to wNFT
Low
  • Creation of conditions to get-methods return wrong data
Level
Rewards, wNFT with NIFTSY as collateral
Time-lock, week
Critical
1 000 000
36
High
200 000
12
Medium
40 000
4
Low
10 000
1
Copy link