Blog

Cold Staking Security Audit & Bug Bounty

Cold Staking Security Audit & Bug Bounty

Cold Staking Security Audit and the Bug Bounty program

Callisto Cold Staking contract passed a security audit successfully. No critical vulnerabilities were found. The report can be found here.

There is a bug bounty and you can check the process here. Bug bounty will stay relevant until 12th October 2018, when the final version of the contract will be enabled. However, we do not expect any new bug reports.

4 minor flaws were reported (duplicate functionsglitch of a view functionduplicate conditionglitch of a view function #2) and fixed (fix 1 and fix 2).

I would also like to thank Anton Bukov and Sergej Kunz for participating in the bug bounty. We are pleased that developers with such good skills in security and the development of smart-contracts are involved.

Tech summary

The source code of the contract, that is actually deployed at Callisto Mainnet at the moment of HardFork 1 is located here.

Cold Staking testnet version (reduced staking delays).

Cold Staking contract is deployed at Callisto Mainnet: 0xd813419749b3c2cdc94a2f9cfcf154113264a9d6

Callisto Staking contract is deployed at Testnet3 at the same address:
0xd813419749b3c2cdc94a2f9cfcf154113264a9d6 (testnet link)

Compiled with REMIX version:0.4.25+commit.59dbf8f1 optimization enabled.

Contract Runtime bytecode sha3 hash: 371fb4b81b874c99b8832f8452bb30384fa33723e9c68c1df81519f68a9ca2ac54bdc867027949f39a958693d5d6f851f033e0aecf53dbb47a3bf398cd969a3d

Source: https://medium.com/@dexaran820/cold-staking-security-audit-bug-bounty-838317a0c80e

Topics:Learning