Initial documentation for DePool contract formal verification.
Contest should provide a set of specifications necessary in order to perform DePool contract security audit and formal verification.
Each participant should answer the following:
- Describe Algorithm for high level code Analysis
- Describe main contract business scenarios
- Describe possible security issues (bugs, leading or not to attacks)
- Describe possible attack vectors (what is attack: money loss/freezing, contract misbehaviour). Create a hierarchy for different issues (criticality, etc)
- First level specification (on the top of main scenarios, informal)
- Description of how contract acts
- Description of what functions are to be called in the main flows
- Interacting (if any) with other contracts
- Decision of what “big” parts we’d like to axiomatize (other contracts, TVM etc)
The answers should be provided in the following form:
- Business-level specification written in the natural language
- Should be represented in a form of set of common sense logical statements
- Logical statements must be accompanied by diagrams and flowcharts (block diagrams)
- Role-action matrices must be included into the report (what roles exist in the contract and what actions are supposed by them)
- Table of possible attacks and malfunctions must be included into the report with severity or each attack or malfunction clearly indicated and prioritized (critical, major etc.).
Contest Dates: 20 August 2020 — 31 August 2020
1 place — 50 000
2 place — 25 000
3 place — 10 000
Places 4 and 5 — 2 500 each
Jury should be formed from known experts in the field of security, smart contract audit and formal verification fields only
An amount equal to 5% of all total tokens actually awarded and distributed will go to each juror for performing their civic duty to the community and taking the time to judge each submission and provide feedback.