Bug Bounty

DevLog 14 - Using a Catallax Trust to Pay Bug Bounties

Fresh off DevCon 3, we have our first bug submitted on the Catallax Trust. GitHub user NickErrant pointed out in this GitHub issue that a franchisee could lock up funds by pointing their payment address to a contract that throws in its fallback function.

Generally you can trust that people that want to get paid by a contract won’t do this, but in the case of a Catallax Trust the franchisee could be disgruntled about their payout or choose to protest for some other reason and lock up the contract.

This can happen because when address.transfer fails, it throws, which reverts the whole call. Because our withdraw() function pays out to the franchisee if one exists, the franchisee can block the payment. The simple fix (and the one we’ve taken at the moment) is to use address.send instead. If the send fails, it just returns false and the rest of the function continues to execute.

A better solution is to use the withdraw pattern and just set the money aside for the franchisee to come get later.  This requires another storage variable in the contract so it has some cost.
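
The withdraw pattern described above, as an added Solidity sketch (not the Catallax Trust source). The contract name, function names, the 1% franchisee share and the unrestricted withdrawal amount are assumptions; the real trust's payout schedule is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the Catallax Trust source. All names and the
// 1% franchisee share are assumptions made for the example.
contract PullPayoutSketch {
    address payable public beneficiary;
    address payable public franchisee;      // address(0) means "no franchisee"
    uint256 public constant FEE_BPS = 100;  // assumed share, in basis points
    uint256 public owedToFranchisee;        // the extra storage variable this pattern costs

    constructor(address payable _beneficiary, address payable _franchisee) payable {
        beneficiary = _beneficiary;
        franchisee = _franchisee;
    }

    receive() external payable {}

    // Push design (the reported bug): paying the franchisee inside this
    // function with transfer lets a reverting fallback undo the whole call.
    // Interim fix: send returns false instead, so the call continues but
    // the unpaid fee simply stays in the contract.
    // Pull design: only record the fee here; no call into franchisee code.
    function withdraw(uint256 amount) external {
        require(msg.sender == beneficiary, "not beneficiary");
        require(amount <= address(this).balance - owedToFranchisee, "exceeds free balance");
        uint256 fee = franchisee == address(0) ? 0 : (amount * FEE_BPS) / 10000;
        owedToFranchisee += fee;
        (bool ok, ) = beneficiary.call{value: amount - fee}("");
        require(ok, "beneficiary payment failed"); // only the caller can cause this
    }

    // The franchisee collects separately. A fallback that reverts here
    // blocks only the franchisee's own claim, never withdraw().
    function claimFee() external {
        require(msg.sender == franchisee, "not franchisee");
        uint256 owed = owedToFranchisee;
        owedToFranchisee = 0; // clear before the external call (reentrancy)
        (bool ok, ) = franchisee.call{value: owed}("");
        require(ok, "fee claim failed");
    }
}
```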

We haven’t deployed the factory to produce this new contract yet, so don’t set up a franchise contract until we do. If you are interested in setting one of these up, please reach out to us and we will work with you to get everything set up correctly.

Nick raised a good point when reporting the bug that bug bounty contracts where you just try to steal the funds have pretty poor incentives for bug hunters.  As a result, we’ve made Nick the beneficiary of the bug bounty contract.  On 11/16 he’ll be able to call withdraw and get out 1/24th of the current balance.

We will leave Nick as the beneficiary until we get our next valid bug report.  At that time, provided the bug is as serious as Nick’s, we will unlock the beneficiary and transfer it to the new bug hunter 36 days later.

Of course, if you'd like to try to steal the money out of the trust you can do that too.

If you’d like to use a Catallax Trust for one of your own bug bounties please reach out to us and we can help you set it up.  The trust supports ETH and ERC20 tokens.

You can find the source code for the contracts here: https://github.com/skilesare/catallaxtrust

Pull down the repo and load them up in Remix to interact with the contracts.

If this is interesting to you and you'd like to see where we are going with Catallax, please pick up my book Immortality (purchase of a physical or Kindle copy helps support this project).

Donations always accepted at:

BTC: 1AAfkhg1NEQwGmwW36dwDZjSAvNLtKECas

ETH and Tokens: 0x148311c647ec8a584d896c04f6492b5d9cb3a9b0

If you would like more code articles like this, please consider becoming a patron on Patreon.

You can discuss this article and more at our Reddit page r/Catallax.

Bug Bounty Doubled - $400 - Truffle Tests Released

We are back from DevCon 3 in Cancun.  It was a great week.  We learned a lot and had some great conversations.  We are really excited about moving Catallax forward and getting our decaying currency up and running on the main net.

In the meantime, we've doubled the bug bounty on the Catallax Trust to $400.  We are getting closer to our first opportunity to do a withdrawal on November 16th.

I've also released the truffle tests source.  Reviewing these should give you some idea of how the contract works.

You can find the source code for the contracts here: https://github.com/skilesare/catallaxtrust

Pull down the repo and load them up in Remix to interact with the contracts.

Bug Bounty Doubled - $200

No big update this week. We are getting ready for DevCon. Looking forward to visiting with the community. If you want to hear more about the Catallax Trust and the next phase of our project, where we'll have a decaying currency working on the blockchain, please reach out to austin at catallax dot com.

We've sent another $100 worth of ether over to our Bug Bounty.  Try to get it out!

You can find the source code for the contracts here: https://github.com/skilesare/catallaxtrust

Pull down the repo and load them up in Remix to interact with the contracts.

DevLog 13 - $100 Catallax Trust Bug Bounty

The plan was to go with a push out to Ropsten today with the web app up and running. I’ve had a muted response to the application so far, so I’m going to try something different. I really need some more eyes on this contract before I pour a bunch of dev cycles into the dapp. So I’ve thrown all caution to the wind and deployed the contracts to mainnet.

I’ve created a Catallax Trust Custodian (0x1ed1ee3d6cf25754046e8769f4f2feff57ede7a3), Factory (0x6824457c6c5f711b71dc28c804c6ca767fc84046), Trust Storage (0x79244a86de9b499b03d8c0afe29460d029c5e7a6), and Catallax Trust (0xb8c7842b4451c440f14f0ccfa7cc4bb9734e5df5). The trust is a two-year trust that pays out $30,000 a month. I’ve loaded it up with $100 worth of ETH. Please do your best to pull this ETH out of the trust. If you can break the trust, please let me know what you did to break it at austin at catallax dot com.

You can find the source code for the contracts here: https://github.com/skilesare/catallaxtrust

Pull down the repo and load them up in Remix to interact with the contracts.

I have a bit of time off this week and I’m not sure if I’ll make much progress on the dapp or not.  Some positive feedback and some potential customers might light a fire under me to make the contracts easier to interact with.

If you would like to start a trust right now, you can do so by calling the Custodian.CreateTrust function, funding the created trust, and then calling the Trust.StartTrust function.

If you’d like to start one but want to see more scrutiny on the contract feel free to send ETH to the Trust address at 0xb8c7842b4451c440f14f0ccfa7cc4bb9734e5df5 to increase the bounty.

Have fun exploring the contracts! Post questions and issues in our GitHub or Reddit.
