We’re excited to announce that our COIN V3 Token, TokenSwap, and Coinvest Platform contracts are ready for audit!
A professional audit has been performed by our friends at Authio (in which the results of Authio’s findings can be found here). However, as a new and non-finalized token standard, we need the community’s help to make sure our contracts are as safe as can be.Program Details
The scope of our bug bounty program includes the following contracts:CoinvestToken.solTokenSwap.solInvestment.solUserData.solBank.sol
These contracts can be found in the CoinvestHQ GitHub.
The COIN Token is based off the ERC865 standard with many improvements. It allows users to pay the gas for token functions in COIN instead of Ether. COIN V3 was created as a result of a vulnerability discovered in COIN V2 which allowed replay attacks on pre-signed transactions. More information can be found in our GitHub.
The Platform contracts allow users to easily and instantly buy and sell cryptonized assets at market price using COIN. Technical information and requirements are detailed in our GitHub.
Check out the following resources for detailed information regarding:Coinvest GitHub (Coinvest Platform contracts information)COIN V2 Technical Documentation (V2 Technical Information is the same as V3)Coinvest Etherless Transfer Function Demo
The token bug bounty program runs from the publication of this post through the mainnet launch of COIN V3. The Platform bug bounty ends at the mainnet launch of its contracts.Compensation
Our team will assess each submission individually and assign a level of severity according to its likelihood and impact to the security and performance of the token itself. Compensation will depend on the severity of the issue found.
Rewards:Critical: 15 ETH
A critical bug is a bug that will enable stealing of funds, loss of funds, or permanent disablement of a contract.High: 5 ETH
A high bug significantly affects the ability of the contract to operate. These would include ERC incompatibilities and non-working functions.Medium: 1 ETH
Medium bugs entail an issue regarding the contract not operating as it was designed. For example, if the whale limit on our contract was able to be bypassed, that would be a medium bug.Low: .5 ETH
Low bugs are less significant errors such as a send being able to fail without throwing.
All bugs are rewarded at the sole discretion of our team using the OWASP risk / severity model.
Note: Coinvest employees and paid auditors are not eligible for bounty compensation.
Please report bug bounty submissions to [email protected]