@Following the hacking Devcon 1, Martin Swende It’s Nr. #1 on leaderboard Ethereum Bounty Program. A bounty program is underway. Final bounty awarded It reached 5 BTC. This program is open to anyone. with BTC Relay In preparation for the launch of Ethereum and given its importance to many DApps, we would like to emphasize ongoing security audits by including it in the Ethereum Bounty Program.
BTC Relay is an Ethereum contract that implements Bitcoin SPV. https://en.bitcoin.it/wiki/Thin_Client_Security
The main purpose of BTC Relay is to route fully confirmed Bitcoin transactions to specific Ethereum contracts. When someone makes a Bitcoin payment or makes an arbitrary transaction on the standard Bitcoin blockchain, the relay must be able to send it to a designated Ethereum contract. More details in the specs.
The goal is to identify security issues such as invalid block headers, false proofs, or allowing invalid Bitcoin transactions. Likewise, you can still receive bounties if you have a valid Bitcoin transaction that is not fully relayed by BTC Relay.
BTC Relay has a separate open source grant for bounties, so major bugs can be discovered up to 1 BTC. Much higher rewards are possible (up to 5 BTC) for very severe vulnerabilities. Rewards are available to everyone except bounty program judges and BTC Relay developers.
The scope is, by contract, five “.se” files in the root directory.
https://github.com/ethereum/btcrelay/tree/1466934855225b1e4a87031d299c1209ba12d503
(This is the same commit as: https://github.com/ethereum/btcrelay branch development).
Full SPV client functionality is out of scope (e.g. not checking Bitcoin block timestamps to save on gas costs). Incentives, gas costs, and other better mechanisms for algorithm optimization are not included in the scope. That said, such feedback will still be gladly considered.
Now that BTC Relay is included in the Ethereum bounty program, most of the following rules apply: http://bounty.ethdev.com apply. For example, the website is not part of the bounty program and is on a first-come, first-serve basis. That is, the issue has already been submitted or has already been submitted by another user. already known You cannot receive bounty rewards for your team. However, this also means that in addition to monetary rewards, all bounties come with the following benefits:
- Along with the points you accumulate over the course of the program, you will be listed on the Ethereum bounty leaderboard.
- Once activated, your personal information will be inscribed in your Ethereum name registration.
- Exclusive Limited Edition Ethereum Bountyhunter T-Shirt
Anyone who wants to participate in the BTC Relay channel can participate. https://gitter.im/ethereum/btcrelay. The bounty program will run for several weeks prior to the launch of BTC Relay to Frontier. Here are some items and open questions we’ll be discussing with the community about the launch of Frontier.
- What is the first block of BTC Relay?
- For technical and practical reasons, the earliest block that can be stored in BTC Relay is the 2016 block (first difficulty retarget). The first block of a BTC Relay must be subject to a difficulty change. In other words, it must be a block that can be divided by 2016.
- What are the chances of seeing a Bitcoin transaction from some time ago?
- How useful would BTC Relay be if it started with block difficulty retargeting twice ago?
- It is currently at block 389088.
- There is a script that anyone can run to submit block headers to the BTC Relay. What do you think the base fee that Bitcoin transaction validators pay in ETH should be?
- The current fee for the script is 0.
- Typically, submitting a block header costs less than 0.01 ETH. Should the base fee be 0.01ETH?
- This base fee can be overridden as the submitter wishes, but the incentive mechanism makes it unlikely that setting the fee excessively will be rewarded.
Lastly, the BTC Relay Bounty Program was added to “News and Updates” on bounty.ethdev.com a few weeks ago and has already had 1 bounty submission!