Loopring - Bug and Optimization Bounty for Smart Contracts 2.0
e call on our community and all bug bounty hunters to help us identify bugs in Loopring Protocol 2.0 and to provide optimization solutions.
Loopring Protocol 2.0 Smart Contracts
The Loopring project is a protocol for decentralized token exchange. This set of smart contracts include the following files:
- RingSubmitter.sol: Contains the core implementation of the protocol for settling rings. This file demands a lot of reviews and auditing.
- RingCanceller.sol: Contains the functionality for canceling orders.
- ExchangeDeserializer.sol: The code to deserialize the packed data passed to
- RingHelper.sol: Contains the core logic for settling a single ring. The token transfers and the fee payments are generated here. This file demands a great deal of reviews and auditing.
- OrderHelper.sol: Contains the order related functions. Code to validate the order data and fetch the available balances of the order owner.
- ParticipationHelper.sol: Contains the participation related functions. Fees are calculated here for an order in a specific ring and functions are available to update the order state.
- MiningHelper.sol: Contains the mining data related functions. Code for the verification of the mining data.
- TradeDelegate.sol: The contract to transfer tokens on behalf of different versions of the Loopring protocol so we can avoid re-authorization after a protocol upgrade/migration. Also contains functions and data for the trade history of orders.
- FeeHolder.sol: Contract that holds the funds that were used to pay fees. Fee recipients can withdraw tokens from this contract.
- BurnRateTable.sol: Contract to manage the burn rate of tokens and users (see new fee model).
- BrokerRegistry.sol: Registry that allows order owners to authorize brokers.
- MultihashUtil.sol: Code for verifying signatures in the MultiHash format.
- ERC20SafeTransfer.sol: Wrapper around ERC20 token transfer calls to support tokens that don’t fully comply with the ERC20 standard.
- OrderBook.sol: The onchain order book contract.
- OrderRegistry.sol: Registry where order hashes can be registered.
The above smart contracts are subject to our bounty programs.
We learned from the Ethereum and AirSwap teams and decided to employ OWASP for rating identified bugs based on their likelihood and impact.
The bug bounty reward is scheduled as follows:
- Critical: 150–200K LRC
- High: 50–100K LRC
- Medium: 10–20K LRC
- Low: 1–5K LRC
Typos and English grammar errors in source code and comments do not qualify for the bounty.
Our gas usage benchmark is used to measure the gas usage of some typical scenarios. The average gas usage of these scenarios is used as the baseline. Currently this is 391,289. For each percent of gas reduction, we will pay the contributor 25K LRC. The cap is 500K LRC.
We will also put the contributor’s GitHub URI in our smart contract source code if he/she can reduce gas usage by at least 5%.
This is our third optimization bounty program and our second bug bounty program. In the first optimization bounty, we have paid contributors 687,750 LRC. In the second optimization bounty over 100,000 LRC was paid to contributors.
- You must submit fully working pull requests (PRs), including all necessary test updates. If you cannot get our final approval and become irresponsive for one week, we will close your PR.
- We do not accept ideas, so don’t send us emails, create PRs directly on GitHub.
- Optimizations with less than 0.5% gas reduction are not qualified.
- Optimizations that have already been submitted by another user are not eligible for bounty rewards.
- The Loopring Foundation is at the sole and final discretion of these bounty programs.
- The bounty programs starts now and ends by December 15th 2018. LRC reward will be paid before December 30th.