The goal of this bounty is to compromise the Actor security model. Convex depends on a security model such that the only code that should be executed in the Actor's context is code deployed or permitted to be executed by the Actor itself.
Requirements:
Must show the ability to execute arbitrary CVM code in the Actor's security context (i.e. using the *address* of the Actor, such as transfering coins away from the Actor's Account)
May be demonstrated with any Actor deployed on the test network (you may deploy your own)
Must not exploit a flaw in the Actor's code (e.g. creating an Actor which calls eval on untrusted user input) - this would be considered a flaw in the Actor implementation rather than the CVM security model.
The goal of this bounty is to compromise the Actor security model. Convex depends on a security model such that the only code that should be executed in the Actor's context is code deployed or permitted to be executed by the Actor itself.
Requirements:
*address*of the Actor, such as transfering coins away from the Actor's Account)evalon untrusted user input) - this would be considered a flaw in the Actor implementation rather than the CVM security model.