Ethorse Smart Contract Bug Bounty

Ethouse
Mar 23, 2018

Announcing a bug bounty for the updated smart contracts of the Ethorse dApp. The security of user funds is our top priority. We welcome everyone to participate and contribute to the success of the dApp (and win rewards!).

Links to the two smart contracts are below. The bounty is open until further notice. The reward for a bug goes to whoever reports it first. Please report bugs on GitHub.

Up to 15 ETH and 100,000 HORSE for bugs that enable stealing user funds

Up to 5 ETH and 75,000 HORSE for bugs that lock user funds

Up to 2 ETH and 30,000 HORSE for minor bugs and gas efficiency improvement recommendations

Our website and whitepaper: https://ethorse.com

Link to the Testnet version of the dApp: http://testnet.ethorse.com

Currently, we have paused the races because Oraclize services are down for the Kovan testnet.

The overall purpose of this dApp is to enable fully automated Parimutuel gaming on the price of cryptocurrencies.

Betting.sol
https://github.com/ethorse/ethorse-core/blob/dev/contracts/Betting.sol

This contract contains all of the code for betting, racing, rewarding and refunding.
- When a race is set up using the `setupRace()` method, six Oraclize queries for three coins are placed with various delays.
- Once the race is set up, users can bet on a coin until the opening prices of the coins (the first three Oraclize queries) are received from Oraclize.
- When the closing prices (the last three Oraclize queries) are received, the winner is decided by calculating the percentage gain/loss in prices.
- Once the race ends, users can claim their winnings (if any) within the next 30 days.
- After 30 days from the end of the race, the unclaimed funds (if any) are moved to the bankroll.
- When an issue occurs (e.g. no price from Oraclize), a refund is enabled. Users will be able to claim the amount they had bet.
- When an issue occurs and a refund is enabled, the unclaimed funds can be moved to the bankroll 30 days after the refund was enabled.
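
The lifecycle above, restated as an added Python reference model (not the project's contract code) that a reviewer can run to check fund-conservation and timing properties against their reading of Betting.sol. The class and method names, integer prices, the pro-rata payout with no house fee, and refunding on a tie are assumptions of this model.

```python
from fractions import Fraction
CLAIM_WINDOW = 30 * 86400  # seconds; the 30-day claim period

class Race:
    """Added model of the lifecycle above; not Betting.sol. Names are assumed."""
    def __init__(self):
        self.bets = {}                  # (user, coin) -> amount staked
        self.open_px = self.winner = self.settled_at = None
        self.refunding = False
        self.claimed = set()
        self.balance = self.bankroll = 0

    def bet(self, user, coin, amount):
        if self.open_px is not None or self.refunding or amount <= 0:
            raise ValueError("betting closed")
        self.bets[(user, coin)] = self.bets.get((user, coin), 0) + amount
        self.balance += amount

    def set_open(self, prices):         # first three oracle answers (integers)
        self.open_px = dict(prices)

    def enable_refund(self, now):       # e.g. no price from the oracle
        self.refunding, self.settled_at = True, now

    def set_close(self, close_px, now): # last three oracle answers (integers)
        if not self.open_px or any(not o or c not in close_px for c, o in self.open_px.items()):
            return self.enable_refund(now)
        change = {c: Fraction(close_px[c] - o, o) for c, o in self.open_px.items()}
        leaders = [c for c in change if change[c] == max(change.values())]
        if len(leaders) != 1:           # assumption: a tie is refunded
            return self.enable_refund(now)
        self.winner, self.settled_at = leaders[0], now

    def claim(self, user, now):
        if self.settled_at is None or user in self.claimed or now > self.settled_at + CLAIM_WINDOW:
            raise ValueError("nothing claimable")
        mine = {c: v for (u, c), v in self.bets.items() if u == user}
        if self.refunding:
            due = sum(mine.values())
        else:  # assumption: pro-rata share of the whole pool, no house fee
            on_winner = sum(v for (_, c), v in self.bets.items() if c == self.winner)
            due = mine.get(self.winner, 0) * sum(self.bets.values()) // on_winner if on_winner else 0
        self.claimed.add(user)
        self.balance -= due
        return due

    def sweep(self, now):               # unclaimed funds -> bankroll
        if self.settled_at is None or now <= self.settled_at + CLAIM_WINDOW:
            raise ValueError("too early")
        self.bankroll, self.balance = self.bankroll + self.balance, 0
```

The properties worth asserting against such a model are that `balance` never goes negative, that no user can claim twice, and that claims and the sweep can never both succeed at the same timestamp.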

BettingController.sol
https://github.com/ethorse/ethorse-core/blob/dev/contracts/BettingController.sol

This is the pivotal smart contract, which controls the spawning of race contracts.
- The `initiateRaceSpawning()` function is the triggering method; it starts spawning a race contract every time the `__callback()` method is invoked by Oraclize.
- On each callback, another Oraclize query is sent, thereby scheduling the spawning of the next race.
- Also, for every race spawned there is an Oraclize query with a 30-day delay which automatically recovers the unclaimed funds.
- The kickstarter ether is given to the race contract from the BettingController and the house fee is collected by the BettingController as well.
- There is a kill switch for the BettingController, `raceSpawnSwitch()`, which can be invoked to pause or resume the automation of race spawning.
- The `extractFund()` function is used to extract the takeout funds from the controller to the bankroll.
- When a race fails, `enableRefund()` can be used to enable a refund for that particular race.
- `spawnRaceManual()` can be used to spawn a race manually, without hindering the automation.

Good luck!