[Bug Bounty: up to 50 ETH] Kleros - Realito Integration

[clesaege]

Kleros - Realitio Integration

This is a bug bounty on the Realitio Arbitrator Proxy contract and on Realitio.

Bugs are rewarded up to 50 ETH according to this classification:

• Critical Bugs: 50 ETH for bugs that can significantly change the result of the Oracle or lead to a party losing a significant amount of ETH.
• Major Bugs: 25 ETH for bugs that can prevent a party to win a significant amount of ETH it should otherwise have won.
• Minor Bugs: 5 ETH for smaller bugs.

If you find a bug you can send a mail to clement@kleros.io and enrique@kleros.io.

Realtio Arbitrator Proxy

• This proxy creates a ERC792 Arbitrable contract acting as a Realitio arbitrator (see this example and the documentation).
• For realitio, see the documentation and the dapp.

Bounty

Smart Contract Guidelines

We use those guidelines to write smart contracts. In particular, we do not try to prevent stupid behaviors at the contract level but leave this task to the UI. Letting the possibility to a user to harm itself is not a vulnerability (but should of course be dealt at the UI level).

Violation of guidelines are not vulnerabilities but can be reported as "suggestion for tips". Note that we've developed the proxy but not Realitio. This means Realitio code may follow different guidelines.

Bounty Rules

• If you have any questions, don't hesitate to ask on the slack channel (slack.kleros.io #smart-contract-review) or by sending a mail to clement@kleros.io .
• All this code is provided under MIT license and can be reused by other projects. If you don't hesitate to inform us and we may list your deployed contracts in the @deployed of the RAB pragma.
• Good luck hunting and have fun hunting!

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

This issue now has a funding of 5.0 ETH (691.06 USD @ $138.21/ETH) attached to it as part of the @kleros fund.

• If you would like to work on this issue you can 'start work' on the Gitcoin Issue Details page.
  • Want to chip in? Add your own contribution here.
  • Questions? Checkout Gitcoin Help or the Gitcoin Slack
  • $53,978.18 more funded OSS Work available on the Gitcoin Issue Explorer

[gitcoinbot]

Issue Status: 1. Open 2. Cancelled

---

The funding of 5.0 ETH (691.06 USD @ $138.21/ETH) attached to this issue has been cancelled by the bounty submitter

• Questions? Checkout Gitcoin Help or the Gitcoin Slack
• $53,287.12 more funded OSS Work available on the Gitcoin Issue Explorer

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

This issue now has a funding of 5.0 ETH (691.06 USD @ $138.21/ETH) attached to it as part of the @kleros fund.

• If you would like to work on this issue you can 'start work' on the Gitcoin Issue Details page.
  • Want to chip in? Add your own contribution here.
  • Questions? Checkout Gitcoin Help or the Gitcoin Slack
  • $53,978.18 more funded OSS Work available on the Gitcoin Issue Explorer

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

Work has been started.

These users each claimed they can complete the work by 4 days, 5 hours from now. Please review their action plans below:

1) cliff-burchfield has started work.

Hello,

I am new to the bounty program and was searching around trying to figure out where to start. Should I just pull the repo and start tinkering around for bugs? I know this is pretty basic but i'm new to this space. Please let me know when you get a chance.

Learn more on the Gitcoin Issue Details page.

[clesaege]

Hi,

Yes, you can search for bugs on the contracts mentioned in the issue.

Cheers,

[gitcoinbot]

Issue Status: 1. Open 2. Cancelled

---

Work has been started.

These users each claimed they can complete the work by 3 months ago. Please review their action plans below:

1) cliff-burchfield has started work.

Hello,

I am new to the bounty program and was searching around trying to figure out where to start. Should I just pull the repo and start tinkering around for bugs? I know this is pretty basic but i'm new to this space. Please let me know when you get a chance. 2) hamidous has started work.

i will started this bounty i'm interested to find bug in code

Learn more on the Gitcoin Issue Details page.

[pacamara]

@clesaege Hi! Have emailed you POC code for an attack. :beers:

[pacamara]

The issue has been discussed privately with the funders and is not deemed a live security risk. However a couple of suggestions for minor improvements arise from it, which I've filed above.

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

Work for 5.0 ETH (1160.77 USD @ $232.15/ETH) has been submitted by:

1. @hamidous

@clesaege please take a look at the submitted work:

• PR by @hamidous

---

• Learn more on the Gitcoin Issue Details page
• Want to chip in? Add your own contribution here.
• Questions? Checkout Gitcoin Help or the Gitcoin Slack
• $136,106.31 more funded OSS Work available on the Gitcoin Issue Explorer

[gitcoinbot]

Issue Status: 1. Open 2. Cancelled

---

The funding of 5.0 ETH (1073.81 USD @ $214.76/ETH) attached to this issue has been cancelled by the bounty submitter

• Questions? Checkout Gitcoin Help or the Gitcoin Slack
• $142,504.33 more funded OSS Work available on the Gitcoin Issue Explorer