Banner object (1)

Hack and Take the Cash !

816 bounties in database
  Back Link to program      
28/05/2019
VeChainThor VIP191 logo
Thanks
Gift
Hall of Fame
Reward

500 HKN 

VeChainThor VIP191

VeChainThor VIP191 Designated Gas Payer function

__Scope

In Scope

Target | Type | Severity | Reward
---|---|---|---

VIP191

VIP191 - Designated Gas Payer function

| Blockchain | Critical | Bounty

__Rewards

Severity (CVSSv3) | Reward
---|---
Critical | 10000$
High | 5000$
Medium | 2500$
Low | 500$

__Focus Area

VIP191 is the implementation of the proposal submitted by Totient Labs to improve the existing Multi-party Payment Protocol (MPP) of VeChainThor blockchain. By expanding the signature field to contain an additional delegatorSignature concatenated with the sender signature, VIP191 allows someone other than the sender to co-sign a transaction in order to pay for the transaction fee, also known as a Designated Gas Payer. This improvement is going to broaden the use cases of the fee delegation feature and bring the answers to some of the questions such as:

  • How to sponsor a specific operation which calls multiple contracts in a more flexible manner?
  • How to sponsor multi-clause transactions where each clause is to a different contact?

While the MPP feature has been instrumental in building the first wave of applications on VeChainThor, we are actively engaged in growing use cases and scenarios, and glad to confirm that in the latest release v1.1.0 VIP191 was activated at block #2,898,800 (~ Tue, 28 May 2019 04:00 GMT) on the VeChainThor testnet. VIP191 activation on mainnet will occur after the test is concluded and identified vulnerability (if any) is remediated.

You can find more info about VIP191 in the Medium article by Totient Labs.

Example Code to create a VIP 191 TX

What to look for

  • Transaction / messages malleability
  • Other vulnerabilities or viable attack vectors relating to the VIP191

__Program Rules

  • You must not disrupt any service, or compromise personal data
  • You must send a clear textual description of the work done, along with steps to reproduce the vulnerability
  • After sending report, you cannot tell anyone or anywhere. Public disclosure of a vulnerability makes it ineligible for a reward
  • For similar issues, only the first submission is eligible for bounty reward. Note, that submissions can be sent here as well.
  • In case you find chain vulnerabilities we pay only for vulnerability with the highest severity
  • It’s entirely at VeChain's discretion to decide whether a bug is significant enough to be eligible for reward and its severity
  • The rewards will be paid out in VET based on the current price.

__Tools & Links

  • Download Sync, connect to testnet, and generate wallet address by yourself and receive test tokens via faucet
  • Please find full technical documentation relating to VeChainThor blockchain in the developer information center

In Scope

Scope Type Scope Name
blockchain

VIP191


This program crawled on the 2019-05-28 is sorted as bounty.

FireBounty © 2015-2019

Legal notices