Free TON

DePool Contract Verification (Phase 1)

Short Description

Initial documentation for DePool contract formal verification.

Motivation

Contest should provide a set of specifications necessary in order to perform DePool contract security audit and formal verification.

Term

Each participant should answer the following:

  1. Describe Algorithm for high level code Analysis
  2. Describe main contract business scenarios
  3. Describe possible security issues (bugs, leading or not to attacks)
  4. Describe possible attack vectors (what is attack: money loss/freezing, contract misbehaviour). Create a hierarchy for different issues (criticality, etc)
  5. First level specification (on the top of main scenarios, informal)
    1. Description of how contract acts
    2. Description of what functions are to be called in the main flows
    3. Interacting (if any) with other contracts
    4. Decision of what β€œbig” parts we’d like to axiomatize (other contracts, TVM etc)

The answers should be provided in the following form:

  • Business-level specification written in the natural language
  • Should be represented in a form of set of common sense logical statements
  • Logical statements must be accompanied by diagrams and flowcharts (block diagrams)
  • Role-action matrices must be included into the report (what roles exist in the contract and what actions are supposed by them)
  • Table of possible attacks and malfunctions must be included into the report with severity or each attack or malfunction clearly indicated and prioritized (critical, major etc.).

Contest Dates: 20 August 2020 β€” 31 August 2020

Proposed prices:

1 place β€” 50 000

2 place β€” 25 000

3 place β€” 10 000

Places 4 and 5 β€” 2 500 each

The jury:

Jury should be formed from known experts in the field of security, smart contract audit and formal verification fields only

Jury rewards:

An amount equal to 5% of all total tokens actually awarded and distributed will go to each juror for performing their civic duty to the community and taking the time to judge each submission and provide feedback.

7 Likes

DePool contests are very important. I think this proposal should be moved to the voting :+1::+1::+1:

2 Likes

Hi everybody,
Pruvendo team is sending our proposal.

Regards,
Sergey.

3 Likes

Hi Nice proposal,

Can you clarify what is β€œTimer” mentioned in the proposal.

Validation period - period of time for which GVS is elected.

Or

Investment round - period of time between Participant investing a stake in DePool and receiving it back (with or without interest).

https://docs.ton.dev/86757ecb2/p/45d6eb-depool-specifications

Thank You

1 Like

Hi,

Actually Timer is the more internal entity that switches pooling rounds. From the Participant point of view:

  • between ticks 0 and 1 she invests a stake
  • between ticks 1 and 3 all the activity (elections, validation etc.) happens
  • at the tick 3 investements are returned (sometimes it happens sooner)

You may use this great picture from the specification as a reference. Each tick of the timer is a new round.

2 Likes