Bug Bounty
Whitehack2earn (h2e). Use your skills for the good of web3. Make the world a better and get profit.
At Envelop, we classify bugs on a widely used scale. For version 1 of the protocol, we identify the following directions of attack:Critical
- Blocking to user unwrapping of wNFT and getting collateral
- User`s funds losing during wrapping or adding collateral
- Withdrawing tokens of collateral without unwrapping of own or someone else's wNFT
- Withdrawing original NFT without unwrapping of own or someone else's wNFT
- Getting collateral tokens during unwrapping of wNFT more than was added in it
- Increasing amount of collateral tokens in accounting registers of smart contracts
- Decreasing amount of collateral tokens in accounting registers of smart contracts
- Changing owner of smart contracts
- Withdrawing native tokens from smart contracts addresses of protocol
- Withdrawing ERC20 tokens from smart contracts addresses of protocol
- Withdrawing ERC721 or ERC1155 tokens from smart contracts addresses of protocol
High
- Unauthorized Adding address of smart contract in whiteList
- Unauthorized Adding address of smart contract in blackList
Medium
- Unbounded gas consumption
- Increasing of gas consumption with every next operation
- Blocking possibility to wrap NFT
- Blocking possibility to add collateral to wNFT
Low
- Creation of conditions to get-methods return wrong data
Level | Rewards, wNFT with NIFTSY as collateral | Time-lock, week |
---|---|---|
Critical | 1 000 000 | 36 |
High | 400 000 | 16 |
Medium | 100 000 | 8 |
Low | 25 000 | 2 |
Last modified 7mo ago