Update on Safety Measures for Red Eyes Release and the Bug Bounty
Since the Raiden Network Red Eyes release on the Ethereum mainnet is coming closer, we would like to inform you about several safety features, which will be implemented into the Red Eyes release.
The Red Eyes release is an alpha deployment of the Raiden Network focused on testing on the Ethereum mainnet. Hence, we aim to undertake strong risk mitigation measures to limit the potential damage caused by bugs or misuse of the software and to ensure a responsible testing environment. Naturally, in addition to that we followed various internal safety procedures (four-eyes PR merge principle, detailed internal audit of the smart contracts, intensive testing on the testnet).
Please be aware that the Red Eyes release is not security audited by an external party yet, which is why deposit and transfer limitations have been put into place.
In detail this means:
- The total maximum value (sum of all channel deposits) contained in the smart contracts is limited to 250 ETH.
- The Red Eyes version of the Raiden Network is limited to one token network, WETH (wrapped Ether), instead of allowing other ERC20 token networks to be created.
- The maximum deposit in each payment channel is limited to 0.15 ETH (0.075 ETH per direction/node).
- A Deprecation Switch has been implemented, which allows to close down the alpha testing version of the Raiden Network in case of a security issue or if a new version is available. Once the Deprecation Switch is activated, the users will no longer be able to open new channels nor be able to deposit more tokens. Users will be able to close their channels in order to get access to their tokens, as well as continue to transfer tokens within the existing channels. The Deprecation Switch does not allow for continuous access/change/maintenance to/of the system or any of its components, but is only designed to deprecate “Red Eyes”. The Deprecation Switch can be only used one time. Brainbot labs does not assume any responsibility or liability for the control of the deprecation switch. Using the Red Eyes release entails acceptance of that fact.
Besides the above mentioned safety measures, we will, as announced in our last blog post, host a bug bounty for the Raiden code, once deployed on the mainnet.
You will be able to find more information about the bounty rewards, rules and submission guidelines at bounty.raiden.network as soon as the Red Eyes release goes live.
To chat with us about development specific questions please visit our gitter channel.
You’ll hear again from us soon with further updates!
The Raiden Team