Ethereum Help us find Bugs

Help us find Bugs
[CRITICAL] Help MetaMask out of its Activity-Trap
Merry Christmas from the 0xcert team! And a little non-fungible gift: The 0xcert Verifier
Is ENS a viable replacement for ICANN's DNS? It seems like the only blocker is the browser itself and looking at ENS records.
Crypto YouTubers On The Naughty List - The 2019 Christmas Purge - LIVE (Crypt0)
Tornado.cash adds support for a bunch of new tokens, now can earn interest on deposits

Posted: 25 Dec 2019 04:17 PM PST

Hello, this is Jeayoung Han, the CEO at Mycoldwallet.

I'm excited to announce the completion of our project Mycoldwallet.

Prior to the project launch, to verify its security and guarantee its safety, we are planning to hold a Hacking Contest to the public.

Everybody, please come and hack the blockchain account if you can!!

📷

Purpose of the event: To find any possible malfunctions or errors that can cause inconvenience or security problems. Anyone who can control the protection account without the signature of either the user or management system is the winner of the contest.

Dates of the event

1st round: 10~15 of Dec.

2nd round: 16~22 of Dec.

3rd round: 23~29 of Dec.

Prize for winners

Critical bug detector: $1,000 and 20,000 MCW Tokens
Normal bug detector: $200 and 5,000 MCW Tokens
The leftover prize from each round will be carried forward to the next round.

** Critical bug: A situation that can make the protection account locked or have the assets in the account transferred to another place without the user signature.

** Normal bug: A situation that cannot control the protection account but that can cause small operational glitches.

** Any participants who find a problem or error in the program can contact [contactus@mcws.io](mailto:contactus@mcws.io) for the reward.

** The first verified detection is only valid for the reward.

Detailed information

a.Target protection account(Rinkeby Testnet)

https://rinkeby.etherscan.io/address/0x8c67f07dcdcf8acb307f3b0500a6333c0e60002d

b. ABI link of the protection account https://mycoldwallet.io/download/ProtectedAddress.zip

** The participants can use all the command words on the ABI file attached here.

** Explanation of Mycoldwallet: We are a cryptocurrency wallet service program that provides a Protection Account which is programmed with the Smart-contract. At the time of the account creation, the system registers two signatures in the account. One is a user's signature and the other is a management signature. The activation of the keys is controlled by a waiting period that the user selects on the account setup. During the waiting period, only the user's signature can control the account but when it expires the management signature can control the account. This waiting period is automatically renewed when there is a withdrawal in the account.

I invite any hacker who is up to the challenge to help us improve our service.

MYCOLDWALLET.IO

https://preview.redd.it/xp1v77myev641.jpg?width=600&format=pjpg&auto=webp&s=07af6491baf8277e790f053028fdd9522992e819

submitted by /u/mycoldwallet
[link] [comments]

[CRITICAL] Help MetaMask out of its Activity-Trap

Posted: 25 Dec 2019 07:08 AM PST

Well, not MetaMask (MM), but the MetaMask-Team, especially the leads. The leads exists, despite J. Lubin is trying to convince everyone that ConsenSys is a non-hierarchical company. It is not.

Now, D. Finlay (more or less the MM project-lead) is totally overwhelmed, in fact the whole team of 24(!) people is totally overwhelmed. Even the issues are not processed, and sadly the team does not realize that a "public issue-tracker" needs daily processing:

https://github.com/MetaMask/metamask-extension/issues/7608#issuecomment-560500509

One cannot follow development via the public issue-tracker, simply because the team uses an internal tracker and internal "meetings". This is not transparent. This is not decentralized.

MetaMask is a critical value-moving piece of Ethereum. It is written in JavaScript, nearly completely untyped. The code is of low quality, full of technical debt (both, in terms of code and architecture).

The migration to typed TypeScript is the first step towards a safer and cleaner code-base.

But!!!

For some reason, the Highly-Centralized-System "gitcoin" ("The Shame of all DApps", a ConsenSys product, and possibly a pet-project of J. Lubin himself) has listed more and more super-low bounties (sometimes even below $1/h, estimated). And this critical TypeScript Migration is attempted in a similar low-budget manner:

https://github.com/MetaMask/eth-sig-util/issues/70#issuecomment-562928379

There are many interested "bounty-hunters" (oh my, what a terminology), but naturally, they do not grasp the scope of this task.

The MM project-lead fails to realize that this is an "high-profile" task, which needs to be executed by a high-performing central senior/architect:

https://github.com/MetaMask/metamask-extension/issues/7601

Now, despite ConsenSys know me as "capable to fill this role", I'm sure that I'll not land this gig (possibly due to my lack of diplomacy?), so please, folks, ensure that MetaMask

migrates over to TypeScript (fully, not this nonsense of adding manually created declaration files).
polishes and document all low-level packages
unifies/standardizes naming (across the Ethereum Domain).

The same is true for all Ethereum JS low-level-libraries. Naturally, during the rework of MM, those Ethereum JavaScript-packages should be processed, too.

And always remember: