EDIT 1:Result of the Cointed (CTD) Token Bug Bounty programDear Issue reporters,
We want to thank everyone who contributed in the CTD smart contract Bug Bounty program.
Before Cointed published the CTD smart contract for public review, we had already charged the independent Swiss IT security company ChainSecurity with auditing the CTD smart contract. No serious bugs were found during this review. The public audit document of this review
can be found here.
For the sake of transparency and impartiality, Cointed also charged ChainSecurity with the task to assess the severity of all issues reported as a result of the CTD Bug Bounty program.
The final result of the review is as follows:
Neither Cointed, nor ChainSecurity were able to find any “bug” in the issues, which have been reported.
Despite the fact that none of the reported issues represented what could be considered a “bug”, we still decided to change the contract’s code based on certain reports, because we care about deploying the most beautiful and clean code possible.
As a Thank-You for their work, we decided to compensate the issue reporters who suggested these changes anyway. The following issues have influenced the latest changes to the smart contract:
#5 by merlox: Overflowing issues and related ( … 3 issues )
… Cointed’s Thank-You: 2 ETH
#2 & #3 by pauliax: function Approve in StandardToken.sol & Mark functions with a specific access level ( … 2 issues )
… Cointed’s Thank-You: 1 ETH
#4 by codingupastorm: Constructor sets owner twice ( 1 issue )
… Cointed’s Thank-You: 0.5 ETH
Further explanations have been posted as comments in the code.
With these changes, the code has now been deployed successfully. The full CTD smart contract
can be found here.
The changes are also documented in the latest ChainSecurity public report found above.
The aforementioned Bountyhunters have two options to inform us of their ETH wallet address:
1. Posting their ETH wallet address as a comment in the
GitHub thread here2. Sending their ETH wallet address as a plaintext email to
bugbounty@cointed.com and posting the SHA256 hash of the content in the GitHub thread
A big Thank-You again to all participants from the whole Cointed IT department!
----------------------------
Cointed Token Sale Smart Contract is ready for review!
Official GitHub repository including test-scripts and further documentation:
https://github.com/vkonst/ctd-tokenA professional audit has already been done by ChainSecurity.com. You may view the results here:
https://github.com/vkonst/ctd-token/blob/master/securityCheck/Cointed_ChainSecurity_Report_Public.pdfBegin: 12.10.2017, time of this post
End: 19.10.2017, 15:00 CEST
Submissions are only taken via the GitHub issue tracker, in order:
https://github.com/vkonst/ctd-token/issuesOur team will assess each submission individually. After internal approval, a third party (ChainSecurity.com) will weight the issues. Depending on impact and likelihood, the first finder of each unique bug will get the following price:
Low: 1.000 EUR
Medium: 2.500 EUR
High: 5.000 EUR
Critical: 50.000 EUR
The maximum of overall payouts will be 100.000 EUR.
Successful bug hunters may choose the payout amount in ETH, DASH or BTC or any other cryptocurrency tradable at
https://www.cointed.com/Only third parties, who have not been part of contract development in any way may receive bounties.
For any other concerns related to bug bounty, please contact us via
bugbounty@cointed.at
