Bug and Optimization Bounty for Smart Contracts

Today we are publishing our smart contracts for public review. We call on our community and all bug bounty hunters to help us identify bugs in the Loopring protocol and to provide optimization solutions.

Loopring Protocol Smart Contracts

The Loopring project is a protocol for decentralized token exchange. Our first set of smart contracts have been developed for the Ethereum blockchain. This set of smart contracts include the following files:

  • LoopringProtocol.sol: An interface for describing the protocol’s functionality.
  • LoopringProtocolImpl.sol: The protocol implementation that encapsulates most of the core logics. This file demands a great deal of review and auditing.
  • RinghashRegistry.sol: This smart contract keeps track of ring-hash submissions to prevent ring filch.
  • TokenRegistry.sol: This smart contract whitelists ERC20 tokens supported by Loopring protocol. Loopring will only support tokens with verified source code.
  • TokenTransferDelegate.sol: A smart contract to transfer tokens on behalf of different versions of the Loopring protocol meant avoid re-authorization after a protocol upgrade/migration.

Bug Bounty

The above 5 smart contracts are subject to our bounty programs.

We learned from the Ethereum and AirSwap teams and decided to employ OWASP for rating identified bugs based their likelihood and impact.

The bug bounty reward is scheduled as follows:

  • Critical: 150-200K LRC
  • High: 50-100K LRC
  • Medium: 20-40K LRC
  • Low: 5-10K LRC

Typos and English grammar errors in source code and comments do not qualify for bounty.

[UPDATE]: the above bounty reward rules have expired.

Optimization Bounty

For a ring of 2 orders, our protocol currently consumes 415301 gas in total; for a ring of 3 orders, it consumes 511465 gas. The gas usage breakdown are as follows:

method submitRing gas usage breakdown — 2 orders
method submitRing gas usage breakdown — 3 orders

The current ETH price is around 300USD (or 2000RMB), if the ring-miner uses 21Gwei as the gas price, each order’s cost base would be about 1.1 to 1.3 USD ,or 7.1 to 8.6RMB.

We believe there is room for improvement that can reduce gas usage. We will explore a light-mode for the submitRing method, which will not check order balance/allowance nor scale down orders dynamically. This will reduce gas usage greatly but also increase miner’s transaction failure rate. This direction of optimizing the contract is planned thus is not qualified for the bounty program.

The optimization bounty payout is as simple as:

  • Every 1% gas reduction: 25K LRC.

[UPDATE]: The base for percentage calculation will ALWAYS be 511465!!!

[UPDATE]: the above bounty reward rules have expired.

Rules

Please review following rules below before starting your hunt:

  • Issues/optimizations that have already been submitted by another user or are already known to the foundation are not eligible for bounty rewards.
  • Public disclosure of a vulnerability makes it ineligible for a bounty.
  • Loopring Foundation and the core development team are not eligible for rewards.
  • Loopring foundation is at the sole and final discretion of these bounty programs.

Please take a close look at our contracts at https://github.com/loopring/protocol and submit issues and optimizations for review to bounty@loopring.org. We will collect submissions in these two files: bug_submissions.md and optimization_submissions.md, respectively.

Thank you.

Follow us on social media: TwitterSlack