Syscoin NEVM Smart Contract Bug Bounties

This series of bug bounties are offered on Syscoin 4.3 NEVM (Network Enhanced Virtual Machine) TESTNET.

Specifically this branch: https://github.com/syscoin/syscoin/tree/dev-4.x

Including QT, Core, Bridge, NEVM. NOT including third-party applications or older branches.

Rules:

1. All issues must be reported to https://github.com/syscoin/syscoin/issues
2. Titles must start with NEVM. Ex. “NEVM — Issue with token creation”
3. The reporter must have a Github account and/or should create one to report issues.
4. All reports must include the environment. ie. platform/version plus additional environment variables relative to the issue.
5. Issues should be repeatable and the steps to repeat should be detailed.
6. A hypothesis is allowed. Issues that are theoretical and/or beyond the capability of the reporter should be described in detail and the specific code in question should be linked when possible.
7. Only these platforms will be supported: Ubuntu 16.04 LTS+, Debian 8+, Alpine 3.14+, Windows 10+, MacOS 13+
8. Bug bounties start immediately and will continue until the launch of Syscoin NEVM.
9. Reporting multiple issues is allowed.
10. In case of duplicate issues, the first reporter will receive the bounty.
11. Wishlist functionalities will not qualify for rewards.
12. There will be a maximum number of payouts for each reward type as detailed below.
13. Rewards are in calculated USD and will be paid in the equivalent amount of Syscoin at the time of remuneration.
14. Syscoin Foundation reserves the right to determine if a reported bug qualifies for rewards

Rewards

$250 — Non-Breaking (Max Unlimited)

1. Issues such as UI issues, Content errors (Typos/Spelling) or
2. Platform-specific issues are not repeatable on supported platforms.

$2,500 — Breaking Local (Max 25)

1. Any issue that causes a break/halt that does not affect the network.
2. Any issue that impedes or manipulates local users’ data.

$25,000 — Breaking Network (Max 5)

1. Any issue that causes a break/halt that affects the network.
2. Any issue that impedes or manipulates network users’ data.

Suggestions for Testing:

• Create a token on the SPT layer
• Register new SPT tokens on bridge dApp
• Update registry with a new contract
• Use bridge dApp to go between SPT and NEVM layer
• SYS <> SYSX as well as full-bridge walk
• Create a token on the NEVM layer
• Move tokens between SPT and NEVM
• Create/interact with a smart contract
• Break or interrupt Chain Lock mechanism
• Manipulate NEVM blocks
• Adjust blocks to try to get fake blocks validated through the mining process
• Adjust blocks to try to get valid blocks out of order through the mining process
• Try to get nodes to accept blocks from other peers on Geth
• Random NEVM block manipulation for system disruption

Resources:

Links

• Syscoin Testnet Explorers: https://blockbook-dev.elint.services/ | https://sys-explorer.tk/
• NEVM Explorer and Faucet: https://ethstats.tanenbaum.io/
• Bridge dApp: https://bridge-testnet.syscoin.org/
• Pali Wallet Github: https://github.com/syscoin/pali-wallet

Documentation

• https://syscoin.readme.io/v4.3.0/
• https://syscoin.readme.io/v4.3.0/docs/syscoin-43-interacting-with-nevm

Tutorials:

Web3 endpoint: https://rpc.tanenbaum.io
Network ID: 5700
Network name: NEVM Tanenbaum

• Add Syscoin to Metamask: https://syscoin.medium.com/setting-up-metamask-for-syscoin-testnet-nevm-tanenbaum-e2bba17ff309
• Requesting NEVM SYS from Faucet: https://syscoin.medium.com/requesting-nevm-sys-from-tanenbaum-faucet-7b57341d76c
• Syscoin 4.3 Testnet Setup Guide assuming a clean install
  https://bittyjohn1954.medium.com/syscoin-4-3-testnet-setup-guide-assuming-a-clean-install-134911ddf9a

About Syscoin

Follow us

• Website: syscoin.org
• Discord: https://discord.gg/syscoin
• Telegram: https://t.me/Syscoin_Official
• Twitter: https://twitter.com/syscoin

Syscoin Platform is a full Layer-1 and Layer-2 blockchain solution built to combine industry-proven technology to support cutting-edge applications all in one network. The project’s goal is to build a protocol that transforms the blockchain experience and combines the best of Bitcoin and Ethereum. Through Bitcoin merge-mining, Syscoin transforms Bitcoin’s Proof-of-Work security and decentralization into a functional and scalable solution.

Syscoin’s Layer-1 features include proprietary Z-DAG technology to experience near-instant network transactions, ultra-low transaction fees, taproot, and a token platform, and compatibility with Bitcoin’s emerging Layer-2 advancements. Syscoin’s token platform currently features custom notary API, Fungible Tokens, NFTs, and Fractionalized NFTs.

On the Syscoin Platform, a masternode network provides a scalable service layer and added security through ChainLocks. Building on the Syscoin Platform unlocks future access to Network Enhanced Smart Contracts (NEVM) that takes the best of Ethereum and expands its processing power to facilitate bigger and more complex programs with ultra-low fees.