CORE’s Bug Bounty: Reward Announcement
On October 17th, 2020, the CORE team launched a Bug Bounty Program for its Smart Contracts. We have been evaluating reports on bugs and vulnerabilities submitted by dedicated CORE community members and security specialists. Thanks to their reports, we were able to improve the security of our ecosystem and implement fixes.
1.”James” @BagholderJB22
Description:
- Reported a wrong variable being used in the refund calculation. This would break the refund calculation.
Severity: Low
Total Points earned: 750 pts
2. @benjioh5
Description:
- Reported a math error inside the LGE ending function. This would result in the LGE not being able to end until it is fixed.
Severity: Low
- Reported a second math error inside the LGE ending function. This would result in the LGE not being able to end until it is fixed.
Severity: Low
- Reported possible attack on running average after LGE & adding liquidity at a too high/low of a price.
Severity: High
Total Points earned: 9,250 pts
3. Teo @TechnoTomorrow
Description:
- Adding a time-guard function which migrates a possible condition where people could have put in deposits after LGE was already over. This could have had an impact on unmitigated price-change attacks.
Severity: Low
- Reported a wrong variable being used in the refund calculation. This would break the refund calculation.
Severity: Low
Total Points earned: 2,250 pts
4. “Eric”
Description:
- Discovered a Math error inside the LGE ending calculation that would cause LGE ending to fail until it was fixed.
Severity: Low
Total Points earned: 750 pts
In addition to monetary rewards, every bounty is allocated points which accumulate over the course of the program. Based on total points, participants may be recognized in our Leaderboard.
Thank you to everyone who submitted reports and helped secure CORE and its ecosystem. CORE’s Bug Bounty Program continues to pay out rewards to participants who submit new bugs & vulnerabilities.
💬 Join Us!
- Join the discussion in our Discord at https://discord.gg/hPUm9Jh & Telegram https://t.me/COREVault
- Don’t miss any update by following these Twitter accounts at @CORE_VAULT @x3devships @0xdec4f @0xRevert
