Coinvest COIN V2 Token Audit and Bug Bounty

We’re excited to announce that our COIN V2 Token and TokenSwap contracts are ready for audit!

A professional audit has been performed by our friends at Authio (in which he results of Authio’s findings can be found here). However, especially as this is a new and non-finalized token standard, we need the community’s help to make sure our contracts are as safe as can be.

Program Details

The scope of our bug bounty program includes the following contracts related to the COIN V2 Token:

  • CoinvestToken.sol
  • TokenSwap.sol

These contracts can be found in the CoinvestV2Audit GitHub. The COIN Token is based off the ERC865 standard with many improvements. It allows users to pay the gas for token functions in COIN instead of Ether.

Check out the following resources for detailed information regarding:

The bug bounty program runs from the publication of this post through the 12th of May.

Compensation

Our team will assess each submission individually and assign a level of severity according to its likelihood and impact to the security and performance of the token itself. Compensation will depend on the severity of the issue found.

Rewards:

  • Critical: 10 ETH
    A critical bug is a bug that will enable stealing of funds, loss of funds, or permanent disablement of a contract.
  • High: 5 ETH
    A high bug significantly affects the ability of the contract to operate. These would include ERC incompatibilities and non-working functions.
  • Medium: 2 ETH
    Medium bugs entail an issue regarding the contract not operating as it was designed. For example, if the whale limit on our contract was able to be bypassed, that would be a medium bug.
  • Low: .5 ETH
    Low bugs are less significant errors such as a send being able to fail without throwing.
  • Informational: 0.1 ETH 
    Informational errors have no impact on the operation of a contract but should be brought to attention, such as a comment not matching the updated code.

All bugs are rewarded at the sole discretion of our team using the OWASP risk / severity model.

Note: Coinvest employees and paid auditors are not eligible for bounty compensation.

Please report bug bounty submissions to security@coinve.st.

For more information, please visit our website. Should you have any questions, please reach out to us on our Discord.


Join our Discord to join our community conversations or say hi to us at any of the channels below: