Following hacking @ DEVCON1, Martin Swende is Nr. 1 at the leaderboard of the Ethereum Bounty Program. The bounty program is ongoing and the closing bounty awarded amounted to five BTC. This system is open to somebody. With BTC Relay getting able for release on Ethereum and its significance for lots of DApps, we wish to spotlight its ongoing safety audit through together with it within the Ethereum Bounty Program.
BTC Relay is an Ethereum contract that implements Bitcoin SPV: https://en.bitcoin.it/wiki/Thin_Client_Security
The manager goal of BTC Relay is to cross alongside any sufficiently showed Bitcoin transaction, to a specified Ethereum contract. If any individual makes a Bitcoin fee, or any arbitrary transaction at the canonical Bitcoin blockchain, the relay will have to have the ability to ship it to any specified Ethereum contract. Extra main points within the spec.
The objective is to spot safety problems comparable to accepting invalid blockheaders, false proofs, or invalid Bitcoin transactions. In a similar fashion, if there’s a legitimate Bitcoin transaction which BTC Relay does now not totally relay, that might even be eligible for bounties.
Please word that since BTC Relay has a separate open-source grant for bounties, main insects can be rewarded as much as 1 BTC. A lot upper rewards are imaginable (as much as 5 BTC) in case of very critical vulnerabilities. Rewards are eligible for everybody aside from bounty program judges and builders of BTC Relay.
The scope is at the contract, the 5 “.se” information within the root listing of:
(This can be a dedicate on https://github.com/ethereum/btcrelay broaden department).
Now not in scope is whole SPV consumer capability (as an example Bitcoin block timestamps aren’t checked to save lots of gasoline prices). Higher mechanisms for incentivization, gasoline value and different set of rules optimization aren’t in scope. That mentioned, this sort of comments will nonetheless be gladly regarded as.
With BTC Relay now integrated within the Ethereum bounty program, lots of the laws on http://bounty.ethdev.com practice. For examples, web pages aren’t a part of the bounty program and primary come, first serve — problems that experience already been submitted through every other consumer or are already recognized to the crew aren’t eligible for bounty rewards. However, this additionally implies that past financial rewards, each bounty may be eligible for:
- Checklist at the the Ethereum bounty leaderboard with issues amassing over the process this system.
- Non-public inscription within the Ethereum namereg as soon as it is reside.
- An unique, restricted version Ethereum Bountyhunter t-shirt
For those who’d like to enroll in the channel for BTC Relay, it’s open to all at https://gitter.im/ethereum/btcrelay. The bounty program will run for a couple of weeks sooner than launching BTC Relay to Frontier. Listed here are some pieces to talk about with the neighborhood and open questions for the Frontier release:
- what will have to be the primary block in BTC Relay?
- for technical and sensible causes, the earliest block that may be saved in BTC Relay is block 2016 (first issue retarget). BTC Relay’s first block should be on an issue retarget, ie a block divisible through 2016.
- how most likely are you to make sure Bitcoin transactions from some time in the past?
- how helpful would it not be if BTC Relay began with the block two issue retargets in the past?
- these days, that might be block 389088
- there’s a script that anybody can run to put up block headers to BTC Relay and what do you assume its default price, which verifiers of a Bitcoin transaction pay in ETH, will have to be?
- script’s present price is 0
- it most often prices not up to 0.01 ETH to put up a block header. will have to the default price be 0.01 ETH?
- this default price will also be overridden to no matter submitter wants, even if the inducement mechanism makes it in order that atmosphere the cost excessively is not going to be rewarding
After all, the BTC Relay Bounty Program used to be added in “information & updates” to bounty.ethdev.com a few weeks in the past, and has already attracted 1 bounty submission!