Following a hack at DEVCON1, Martin Swende is no. 1 on the Ethereum Bounty Program leaderboard. The bounty program is ongoing, and the last reward given amounted to 5 BTC. The program is open to anyone. With BTC Relay preparing for launch on Ethereum, and given its importance to many DApps, we want to highlight its ongoing security audit by including it in the Ethereum Bounty Program.
BTC Relay is an Ethereum contract that implements Bitcoin SPV: https://en.bitcoin.it/wiki/Thin_Client_Security
The main purpose of BTC Relay is to transfer any sufficiently confirmed Bitcoin transaction to a specific Ethereum contract. If someone makes a Bitcoin payment, or any arbitrary transaction on the canonical Bitcoin blockchain, the relay should be able to send it to any specified Ethereum contract. More details in the specification.
The goal is to identify security issues, such as the relay accepting invalid block headers, false proofs, or invalid Bitcoin transactions. Similarly, a valid Bitcoin transaction that BTC Relay does not fully relay would also be eligible for a reward.
Please note that since BTC Relay has a separate open source grant for bounties, top bugs will earn a bounty of up to 1 BTC. Much higher rewards are possible (up to 5 BTC) in case of severe vulnerabilities. Rewards are open to everyone except the bounty program judges and the BTC Relay developers.
The scope is the contract: the 5 “.se” files in the root directory of:
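The "false proofs" above are SPV inclusion proofs: a Merkle path tying a transaction to a block header, plus a check that the block is buried deeply enough. The following Python sketch is an added example, not BTC Relay's code; the function names, the constructed sample txids and the `min_conf=6` threshold are assumptions, and validation of the header itself (proof of work, chain linkage) is left out.

```python
import hashlib

def dsha256(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root_and_proof(txids, index):
    """Return (merkle_root, sibling_path) for txids[index]."""
    level, proof = list(txids), []
    while len(level) > 1:
        if len(level) % 2:               # odd level: Bitcoin repeats the last hash
            level.append(level[-1])
        proof.append(level[index ^ 1])   # sibling of the current node
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], proof

def verify_inclusion(txid, index, proof, merkle_root):
    """Recompute the root from a txid and its sibling path."""
    node = txid
    for sibling in proof:
        node = dsha256(sibling + node) if index & 1 else dsha256(node + sibling)
        index >>= 1
    return index == 0 and node == merkle_root   # index must fit the path length

def relay_accepts(txid, index, proof, merkle_root, block_height, tip_height, min_conf=6):
    """Accept only a proven transaction in a sufficiently buried block.
    min_conf=6 is an assumed threshold; the post only says "sufficiently confirmed"."""
    confirmations = tip_height - block_height + 1
    return confirmations >= min_conf and verify_inclusion(txid, index, proof, merkle_root)

# Constructed sample data: five fake txids standing in for one block's transactions.
TXIDS = [dsha256(b"constructed tx %d" % i) for i in range(5)]
ROOT, PROOF = merkle_root_and_proof(TXIDS, 2)

if __name__ == "__main__":
    print(relay_accepts(TXIDS[2], 2, PROOF, ROOT, block_height=100, tip_height=105))
    print(relay_accepts(TXIDS[3], 2, PROOF, ROOT, block_height=100, tip_height=105))
    print(relay_accepts(TXIDS[2], 2, PROOF, ROOT, block_height=100, tip_height=103))
```

The final `index == 0` check rejects a position that does not fit the length of the supplied path, so one proof cannot be presented for a different claimed index.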
https://github.com/ethereum/btcrelay/tree/1466934855225b1e4a87031d299c1209ba12d503
(This is a commit in the develop branch of https://github.com/ethereum/btcrelay.)
Full functionality of an SPV client is not in scope (for example, Bitcoin block timestamps are not verified, to save gas costs). Better incentivization mechanisms, gas cost reductions and other algorithm optimizations are also not in scope. That being said, any such feedback will still be gladly considered.
With BTC Relay now included in the Ethereum Bounty Program, most of the rules on http://bounty.ethdev.com apply. For example, websites are not part of the bounty program, and rewards are first come, first served: issues that have already been submitted by another user or that are already known to the team are not eligible for bounty rewards. But this also means that, beyond the monetary rewards, each rewarded submission is also eligible for:
- Listing on the Ethereum rewards leaderboard with points accruing throughout the program.
- Personal registration in the Ethereum namereg once it is active.
- An exclusive limited edition Ethereum Bountyhunter t-shirt
If you would like to join the BTC Relay channel, it is open to everyone at https://gitter.im/ethereum/btcrelay. The bounty program will run for a few weeks before BTC Relay launches on Frontier. Here are some items to discuss with the community and open questions for the Frontier launch:
- What should be the first block in BTC Relay?
  - For technical and practical reasons, the earliest block that can be stored in BTC Relay is block 2016 (the first difficulty retarget). The first block in BTC Relay must be at a difficulty retarget, i.e. a block whose height is divisible by 2016.
  - How likely is it that Bitcoin transactions from a while ago will need to be verified?
  - How useful would it be if BTC Relay started with the block two difficulty retargets ago?
    - Currently, that would be block 389088.
- For the script that anyone can run to send block headers to BTC Relay, what do you think the default fee should be, i.e. what verifiers of a Bitcoin transaction pay in ETH?
  - The script's current default fee is 0.
  - It usually costs less than 0.01 ETH to send a block header. Should the default fee be 0.01 ETH?
  - This default fee can be overridden as the sender wishes, although the incentive mechanism makes setting an excessive fee unlikely to be rewarding.
Finally, the BTC Relay bounty program was added under “news and updates” on bounty.ethdev.com a couple of weeks ago, and it has already attracted 1 bounty submission!