GATE News

Staking Platform Bug Bounty

Today GATENet is publishing the smart contract code planned for use with our staking platform for public review.

The GATE Token Staking Platform (the “Staking Platform”) is a non-custodial Staking Platform, built to operate on the Ethereum blockchain and provide Staking and Awards functionality to holders of GATENet’s ERC-20 GATE token. The Staking Platform allows GATE token holders to participate in Staking and earn Awards on locked tokens.

Staking Platform Functionality


Staking:

A staker can deposit their tokens with the smart contract.

Staking Rewards:

The primary function of the smart contract is to distribute staking rewards to users that stake their GATE tokens. The smart contract will be funded (addReward) with 36,500,000 GATE tokens. At the rewards start date, these tokens will start being distributed to stakers over a 365 day period (100,000 GATE tokens per day).

Fee Distribution:

A built-in function (feeDistribution) periodically distributes an award of GATE tokens to the stakers who are currently staked on the platform, in proportion to each staker's stake relative to the total stake. Rewards distributed via the feeDistribution method are not locked by the smart contract.

Lock-In:

Staked tokens are locked for 30 days. Reward locks end on the same date as the lock on the stake.

Withdrawals:

There is a withdrawal functionality whereby on the withdrawal event, all unlocked tokens and any available rewards and accumulated Fee Distributions will be returned to the user’s wallet in one transaction. There is also a “Claim” function, which will only withdraw tokens received via the feeDistribution method.
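
An added reference model (not GATENet's contract code) of the Staking Rewards and Fee Distribution rules above, of the kind a reviewer can use to check that payouts never exceed the funded amount. It assumes 18-decimal base units, a per-second emission rate and a reward-per-token accumulator; all class, function and user names are hypothetical.

```python
# Off-chain model for invariant checks. Integer maths only, as on-chain.
DAY = 86_400
UNIT = 10**18                     # assumed base units per GATE token
FUNDED = 36_500_000 * UNIT        # addReward amount stated on the page
DURATION = 365 * DAY
RATE = FUNDED // DURATION         # base units emitted per second (floored)
PRECISION = 10**18                # accumulator scaling factor (assumption)

class StakingModel:
    def __init__(self, start):
        self.start, self.end, self.last = start, start + DURATION, start
        self.total = 0
        self.rpt = 0              # cumulative reward per staked unit, scaled
        self.stakes, self.paid, self.earned = {}, {}, {}

    def _accrue(self, now):
        now = min(max(now, self.start), self.end)   # emit only inside the window
        if self.total:
            self.rpt += (now - self.last) * RATE * PRECISION // self.total
        self.last = now

    def _settle(self, user, now):
        self._accrue(now)
        delta = self.rpt - self.paid.get(user, 0)
        owed = self.stakes.get(user, 0) * delta // PRECISION
        self.earned[user] = self.earned.get(user, 0) + owed
        self.paid[user] = self.rpt

    def stake(self, user, amount, now):
        self._settle(user, now)   # settle before the balance changes
        self.stakes[user] = self.stakes.get(user, 0) + amount
        self.total += amount

    def rewards(self, user, now):
        self._settle(user, now)
        return self.earned[user]

    def fee_distribution(self, amount):
        # Pro-rata by stake / total stake; floor division leaves dust unpaid.
        shares = {u: amount * s // self.total for u, s in self.stakes.items()}
        return shares, amount - sum(shares.values())

def simulate():
    # Constructed scenario: two stakers, the second joining after 10 days.
    m = StakingModel(start=0)
    m.stake("alice", 300 * UNIT, now=0)
    m.stake("bob", 100 * UNIT, now=10 * DAY)
    end = DURATION + 30 * DAY     # query well past the 365-day window
    a, b = m.rewards("alice", end), m.rewards("bob", end)
    shares, dust = m.fee_distribution(1_000 * UNIT + 1)
    return a, b, shares, dust
```

Rounding always favours the contract in this model: the sum of all payouts stays at or below the funded 36,500,000 GATE, and the fee split leaves one base unit of dust undistributed.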


Bug Bounty

In order to protect user assets, we will run a bug bounty for 7 days, from Monday 31 January 2022, 12:00 UTC, to Monday 07 February 2022, 12:00 UTC, to reward community members for discovering and reporting bugs. The scope of the bounty will be limited to the smart contracts used in the staking platform stored in the following GitHub repository:

https://github.com/GateNet-IO/GATE-token-staking-platform-smart-contracts

Bounty rewards will be distributed in GATE tokens. The volume of rewards will vary depending on severity as judged by the GATENet team. The severity of a bug is determined according to the impact which the bug will have.

There are 4 levels, from 2 to 5, which are available to receive a bounty award. Those levels are as follows:

Level / Examples
5. Critical
  • Empty or freeze the contract’s holdings (e.g. economic attacks, flash loans, reentrancy, MEV, logic errors, integer over-/under-flow)
  • Cryptographic flaws
4. High
  • Token holders unintentionally temporarily unable to transfer holdings
  • Users spoof each other
  • Theft of yield
3. Medium
  • Contract consumes unbounded gas
  • Griefing, denial of service (i.e. attacker spends as much in gas as damage to the contract)
2. Low
  • Contract fails to deliver promised returns, but doesn’t lose value
1. None
  • Best practices

Bounty payout is as follows:

  • 2. Low: Up to 50,000 GATE
  • 3. Medium: Up to 100,000 GATE
  • 4. High: Up to 250,000 GATE
  • 5. Critical: Up to 500,000 GATE

A bounty cap of 2,000,000 GATE tokens has been added to the bounty programme.

Reporting A Bug:

Bug reports should be sent to [email protected]

Email reports should contain the following:


Summary:

add summary of the vulnerability

Steps To Reproduce:

add details for how we can reproduce the issue

Supporting Material/References:

list any additional material (e.g. screenshots, logs, etc.)


A few friendly rules:

1. Bounties go to the first to report, based on the timestamps by which email bug reports are received.

2. Don’t steal or attempt to steal others’ funds.

3. Don’t publicly disclose a bug before it has been fixed.

4. Paid auditors of this code are not eligible for rewards.

5. Anyone who worked to produce the code is not eligible for rewards.

6. Non-security critical issues (style issues, gas optimizations) are not eligible.

7. Previously known vulnerabilities (resolved or not) of the Ethereum network (and any other fork of these) are not eligible.

8. Previously known vulnerable libraries without a working Proof of Concept are not eligible.

9. Attacks requiring MITM or physical access to a user’s device, or control over users’ private keys, are not eligible.

10. KYC – In order to receive an award, the bounty hunter must pass KYC.

11. Determinations of eligibility, score and all terms related to an award are at the sole and final discretion of the GATENet team.