Bug Bounty

Whitehack2earn (h2e). Use your skills for the good of web3. Make the world a better and get profit.

PreviousApproximate (maximum) activity estimates NextPrivacy-policy

Last updated 1 year ago

Was this helpful?

Bug Bounty

Whitehack2earn (h2e). Use your skills for the good of web3. Make the world a better and get profit.

***

Reporting .

***

Already 780,000 NIFTSY tokens have been paid out for bugs found

***

Tested directions of the applications:

operation of each implemented functionality
interaction with crypto wallets
dAapps interaction with backend

Prerequisites:

testing and troubleshooting to perform in Chrome, Firefox browsers?
Metamask transaction wallet

List of applications to search for bugs:

***

Frontend levels of bug severity:

Blocker (S1). Such an error makes it impossible to proceed with using or testing the software. There aren't any ways to work around it.
Critical (S2). It is an incorrect functioning of a particular area of business-critical software functionality. There is an alternative way to work around it.
Major (S3). An error has a significant impact on an application, but other inputs and parts of the system remain functional, so you can still use it. At the same time, there is more than one entry point to initiate the desired functionality
Minor (S4). A defect is confusing or causes undesirable behavior but doesn’t affect user experience significantly. Many UI/UX bugs belong here.
Low/Trivial (S5). A bug doesn’t affect the functionality or isn’t evident. It can be a problem with third-party apps, grammar or spelling mistakes, etc.

***

Level

Rewards (wNFT with NIFTSY as collateral )

Time-lock (Weeks)

150 000

50 000

20 000

7 000

2 000

***

At Envelop, we classify bugs on a widely used scale. For version 1 of the protocol, we identify the following directions of attack:

Critical

Blocking to user unwrapping of wNFT and getting collateral
User`s funds losing during wrapping or adding collateral
Withdrawing tokens of collateral without unwrapping of own or someone else's wNFT
Withdrawing original NFT without unwrapping of own or someone else's wNFT
Getting collateral tokens during unwrapping of wNFT more than was added in it
Increasing amount of collateral tokens in accounting registers of smart contracts
Decreasing amount of collateral tokens in accounting registers of smart contracts
Changing owner of smart contracts
Withdrawing native tokens from smart contracts addresses of protocol
Withdrawing ERC20 tokens from smart contracts addresses of protocol
Withdrawing ERC721 or ERC1155 tokens from smart contracts addresses of protocol

High

Unauthorized Adding address of smart contract in whiteList
Unauthorized Adding address of smart contract in blackList

Medium

Unbounded gas consumption
Increasing of gas consumption with every next operation
Blocking possibility to wrap NFT
Blocking possibility to add collateral to wNFT

Low

Creation of conditions to get-methods return wrong data

Level

Rewards, wNFT with NIFTSY as collateral

Time-lock, week

Critical

1 000 000

High

400 000

Medium

100 000

Low

25 000

PreviousApproximate (maximum) activity estimates NextPrivacy-policy

Last updated 1 year ago

Was this helpful?

***

Reporting .

***

Already 780,000 NIFTSY tokens have been paid out for bugs found

***

Tested directions of the applications:

operation of each implemented functionality
interaction with crypto wallets
dAapps interaction with backend

Prerequisites:

testing and troubleshooting to perform in Chrome, Firefox browsers?
Metamask transaction wallet

List of applications to search for bugs:

***

Frontend levels of bug severity:

Blocker (S1). Such an error makes it impossible to proceed with using or testing the software. There aren't any ways to work around it.
Critical (S2). It is an incorrect functioning of a particular area of business-critical software functionality. There is an alternative way to work around it.
Major (S3). An error has a significant impact on an application, but other inputs and parts of the system remain functional, so you can still use it. At the same time, there is more than one entry point to initiate the desired functionality
Minor (S4). A defect is confusing or causes undesirable behavior but doesn’t affect user experience significantly. Many UI/UX bugs belong here.
Low/Trivial (S5). A bug doesn’t affect the functionality or isn’t evident. It can be a problem with third-party apps, grammar or spelling mistakes, etc.

***

Level

Rewards (wNFT with NIFTSY as collateral )

Time-lock (Weeks)

150 000

50 000

20 000

7 000

2 000

***

At Envelop, we classify bugs on a widely used scale. For version 1 of the protocol, we identify the following directions of attack:

Critical

Blocking to user unwrapping of wNFT and getting collateral
User`s funds losing during wrapping or adding collateral
Withdrawing tokens of collateral without unwrapping of own or someone else's wNFT
Withdrawing original NFT without unwrapping of own or someone else's wNFT
Getting collateral tokens during unwrapping of wNFT more than was added in it
Increasing amount of collateral tokens in accounting registers of smart contracts
Decreasing amount of collateral tokens in accounting registers of smart contracts
Changing owner of smart contracts
Withdrawing native tokens from smart contracts addresses of protocol
Withdrawing ERC20 tokens from smart contracts addresses of protocol
Withdrawing ERC721 or ERC1155 tokens from smart contracts addresses of protocol

High

Unauthorized Adding address of smart contract in whiteList
Unauthorized Adding address of smart contract in blackList

Medium

Unbounded gas consumption
Increasing of gas consumption with every next operation
Blocking possibility to wrap NFT
Blocking possibility to add collateral to wNFT

Low

Creation of conditions to get-methods return wrong data

Level

Rewards, wNFT with NIFTSY as collateral

Time-lock, week

Critical

1 000 000

High

400 000

Medium

100 000

Low

25 000