Staking Platform Bug Bounty
Today GATENet is publicly publishing the smart contract code planned for use with our staking platform for public review.
The GATE Token Staking Platform (the “Staking Platform”) is a non-custodial Staking Platform, built to operate on the Ethereum blockchain and provide Staking and Awards functionality to holders of GATENet’s ERC-20 GATE token. The Staking Platform allows GATE token holders to participate in Staking and earn Awards on locked tokens.
Staking Platform Functionality
Staking:
There is an ability for a staker wishing to stake, to deposit their tokens with the smart contract.
Staking Rewards:
The primary function of the smart contract is to distribute staking rewards to users that stake their GATE tokens. The smart contract will be funded (addReward) with 36,500,000 GATE tokens. At the rewards start date, these tokens will start being distributed to stakers over a 365 day period (100,000 GATE tokens per day).
Fee Distribution:
There is a function built in (feeDistribution), whereby a periodic award of GATE tokens is distributed to stakers, as a percentage of their stake vs total stake, who are currently staked on the platform. Rewards distributed via the feeDistribution method are not locked by the smart contract.
Lock-In:
There is a locking functionality whereby staked tokens will be locked for 30 days. Reward locks are tied into the same locking end date as the stake.
Withdrawals:
There is a withdrawal functionality whereby on the withdrawal event, all unlocked tokens and any available rewards and accumulated Fee Distributions will be returned to the user’s wallet in one transaction. There is also a “Claim” function, which will only withdraw tokens received via the feeDistribution method.
Bug Bounty
In order to protect user assets, we will run a bug bounty for 7 days, Monday 31 January 2022, 12:00 UTC, to Monday 07 February 2022, 12:00 UTC, to reward community members for discovering and reporting bugs. The scope of the bounty will be limited to the smart contracts used in the staking platform stored in the following Github repository:
https://github.com/GateNet-IO/GATE-token-staking-platform-smart-contracts
Bounty rewards will be distributed in GATE tokens. The volume of rewards will vary depending on severity as judged by the GATENet team. The severity of a bug is determined according to the impact which the bug will have.
There are 4 levels, from 2 to 5, which are available to receive a bounty award. Those levels are as follows:
Level | Examples |
5. Critical |
|
4. High |
|
3. Medium |
|
2. Low |
|
1. None |
|
Bounty payout is as follows:
- 2. Low: Up to 50,000 GATE
- 3. Medium: Up to 100,000 GATE
- 4. High: Up to 250,000 GATE
- 5. Critical: Up to 500,000 GATE
A bounty cap of 2,000,000 GATE tokens has been added to the bounty programme.
Reporting A Bug:
Bug reports should be sent to [email protected]
Email reports should contain the following:
Summary:
add summary of the vulnerability
Steps To Reproduce:
add details for how we can reproduce the issue
Supporting Material/References:
list any additional material (e.g. screenshots, logs, etc.)
A few friendly rules:
- Bounties go to the first to report, based on the timestamps by which email bug reports are received.
2. Don’t steal or attempt to steal others’ funds.
3. Don’t publicly disclose a bug before it has been fixed.
4. Paid auditors of this code are not eligible for rewards.
5. Anyone who worked to produce the code is not eligible for rewards.
6. Non-security critical issues (style issues, gas optimizations) are not eligible.
7. Previously known vulnerabilities (resolved or not) of the Ethereum network (and any other fork of these) are not eligible.
8. Previously known vulnerable libraries without a working Proof of Concept are not eligible.
9. Attacks requiring MITM or physical access to a user’s device, or control over users private keys are not eligible.
10. KYC – In order to receive an award, the bounty hunter must pass KYC.
11. Determinations of eligibility, score and all terms related to an award are at the sole and final discretion of the GATENet team.