Open danfinlay opened 5 years ago
gitcoinbot
commented
5 years ago Issue Status: 1. Open 2. Started 3. Submitted 4. Done
This issue now has a funding of 3000.0 DAI (3000.0 USD @ $1.0/DAI) attached to it.
gitcoinbot
commented
5 years ago Issue Status: 1. Open 2. Started 3. Submitted 4. Done
Work has been started.
These users each claimed they can complete the work by 316 years, 10 months from now. Please review their action plans below:
1) fincrypchain001 has started work.
COMPLETE SELECT ETHEREUM ADDRES AUTOPAID LAIN TEMPAT SETIAP 50 ETHEREUM 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 TO 0x7BC13FE91B6a355f85c13D8C89108d689c9E6fa7
Make dfrennce
Learn more on the Gitcoin Issue Details page.
gitcoinbot
commented
5 years ago Issue Status: 1. Open 2. Started 3. Submitted 4. Done
Work has been started.
These users each claimed they can complete the work by 313 years, 11 months from now. Please review their action plans below:
1) fincrypchain001 has started work.
COMPLETE SELECT ETHEREUM ADDRES AUTOPAID LAIN TEMPAT SETIAP 50 ETHEREUM 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 TO 0x7BC13FE91B6a355f85c13D8C89108d689c9E6fa7
Make dfrennce 2) fincrypchain001 has started work.
COMPLETE SELECT ETHEREUM ADDRES AUTOPAID LAIN TEMPAT SETIAP 50 ETHEREUM 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 TO 0x7BC13FE91B6a355f85c13D8C89108d689c9E6fa7
Make dfrennce 3) sudeepb02 has started work.
Identify the dependency with malicious code 4) katwane has started work.
am planning to expand the network in an new era of generations.what are your thoughts on it?? 5) iluvindio has started work.
I would like to learn and complete this task. 6) vstyler96 has started work.
Well, I will take a look and I will start looking for the problem. 7) chiro-hiro has started work.
Find the vulnerabilities packages I guess 8) mohsin491 has started work.
done with in time hope I will finish this work with in time. 9) bermolin02 has started work.
щдро згодлрг7щ help 500 dollars my khgvfhjj guinhgfikj cjhru 10) myphuong776 has started work.
okkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk 11) omeryasindemirbas has started work.
to sum up the questions by making a generalization, to identify the solutions, and to overcome all the troubles in order. 12) recep9227 has started work.
N3 ise yaradığını ne kazandırdığını öğrenmek istiyorum
Learn more on the Gitcoin Issue Details page.
aahutsal
commented
4 years ago @danfinlay seems you've renewed that issue on Gitcoin. If so, how to get notified about new PRs needed to be checked?
danfinlay
commented
4 years ago @agutsal like the parent post says, we're posting pending release candidates to Twitter with metamask_bot.
aahutsal
commented
4 years ago Thanks. I'm not big fan of Twitter, that's why been looking for other ways to get notified. Will check now
danfinlay
commented
4 years ago You could use IFTTT to message you on another protocol upon our tweets?
aahutsal
commented
4 years ago Thanks. I'll think out something better I guess. Circle CI notifications would work better for me
codenamejason
commented
4 years ago Is this open still?
danfinlay
commented
4 years ago Yes, this bounty is open and available for payout if anyone can identify a malicious dependency.
danfinlay
commented
4 years ago Oh I can see why you'd ask, originally this was opened in response to many newly updated dependencies. That said, I think it's safe to leave open, as an encouragement for developers to scrutinize our code-base.
myphuong776
commented
3 years ago okkkk
myphuong776
commented
3 years ago okkkkk
aahutsal
commented
2 years ago @danfinlay @kumavis @danjm @Gudahtt @whymarrh @Zanibas got some time to look at it, if still actual.
AgCaliva
commented
2 years ago @danfinlay got some time to look at it, if still actual.
danfinlay never replies nothing, also its impossible to contact metamask team. There is no real bounties here, dont loose your time like i did.
aahutsal
commented
2 years ago @AgCaliva thanks. I'll try. The project is actively developed, and I hope someone will reply.
Nana12345678910
commented
2 years ago Thank you for fixing my issue
On Sat, 14 May 2565 BE at 12:38 am, Arsen A. Hutsal < @.***> wrote:
@AgCaliva https://github.com/AgCaliva thanks. I'll try. The project is actively developed, and I hope someone will reply.
— Reply to this email directly, view it on GitHub https://github.com/MetaMask/metamask-extension/issues/6699#issuecomment-1126130758, or unsubscribe https://github.com/notifications/unsubscribe-auth/AWVHH4V3TLHUDVO3QGCIDG3VJZSPBANCNFSM4HVZBW2A . You are receiving this because you are subscribed to this thread.Message ID: @.***>
-- Christina Vongphit iPhone
This issue represents the latest bug bounty in the MetaMask bug bounty program.
We will pay out this issue and bounty to any user who is able to identify a dependency update we have merged that includes malicious code designed to illegitimately access user keys.
Since this bounty is only good for code we have merged but not yet deployed, to participate in this program it will be useful to be notified about our latest release candidates before they are published.
We have a new release candidate up with many new dependency updates ([introduced in this PR](I recommend the use of a dependency-diffing tool in particular for finding potential introduced vulnerabilities by this change, like npmfs.)), making it a prime candidate for this bounty. We are keeping this release candidate up for a full week, maximizing the opportunity that this bounty can be filled!: https://github.com/MetaMask/metamask-extension/pull/6698
NpmFS is a great tool for analyzing the differences between npm modules at two release versions, and could be useful in pursuing this bounty.
We have created a new twitter account, MetaMask Bot, for posting about pending releases, which should also be useful to interested bounty hunters. A simple IFTTT twitter notification can allow you to receive these updates via the messenging platform of your choice.
Happy Hunting!