This content originally appeared on DEV Community and was authored by ToTo Bugelman
A new player has appeared in the DeFi segment – Dex223. A DEX platform focused on the ERC-223 fungible token standard. The developers led by the anonymous security expert Dexaran are promoting ERC-223 as a safe replacement for ERC-20. It was recently announced that the DEX core is ready, with internal and external audits conducted. Dex223 announces the final stage before the official launch – the Bug Bounty program.
Dex223 invites researchers, blockchain engineers, and dApp developers to contribute to the security of the platform by receiving rewards for discovered vulnerabilities and errors.
Scope of Research
Not all Dex223 modules are covered by the Bug Bounty program, only the core, ready to enter the market.
What Bug Bounty participants can work on:
- Smart contracts: all Dex223 contracts in the Ethereum mainnet and test networks (Dex223-contracts).
- Web application: https://test-app.dex223.io.
- Exchange interface: https://test-app.dex223.io/en/swap.
- API: public and authenticated endpoints (including fiat money in/out).
- Infrastructure: cloud services and deployment pipelines.
What is not included in the Bug Bounty scope:
- MarginModule – margin trading module.
PriceOracle – price oracles required for margin trading.
Known issues:
Pool creation: Error when one token is ERC-20 Origin and the other is ERC-223 Origin with no existing ERC-20 wrapper.Auto-conversion: No auto-conversion of ERC-20 wrapper tokens to ERC-223 Origin in pools that have only ERC-20-side liquidity for an ERC-20/223 pair.
Third-party services not owned by Dex223.
DDoS attacks.
Physical security assessment.
Social engineering.
A report can be submitted to the GitHub repository “dex223-bug-bounty”:Click New Issue.
Choose a template: Bug Report, Feature Request, or Question.
Fill in what you found, where it is, and how to reproduce it.
Submit.
Error Levels and Rewards
Dex223 has differentiated 4 levels of problem severity and corresponding rewards:
Critical – 30M D223. A vulnerability that can completely disrupt the workflow of contracts.
High – 7M D223. A serious problem with serious consequences, but not affecting the entire platform.
Medium – 3M D223. May lead to loss of funds under certain conditions.
Information – 1M D223. Best practices, documentation improvements, low-impact issues.
Rewards are paid primarily in the platform’s native token D223. But there are exceptions for the possibility of payment in another cryptocurrency or bank transfer. It is also worth noting that Dex223 is considering the possibility of long-term partnership within special programs. The detailed structure of rewards, payment periods, and conditions can be read on GitHub Bug Bounty.
A Good Opportunity
Not every day does a new player appear in the DeFi sector with innovations different from the existing market.
Dex223 has two unique features: support for both ERC-223 and ERC-20 token standards; hybrid liquidity pools capable of operating without splitting into separate pools, which in itself positively affects the platform’s liquidity and slippage in trading operations. Dex223 also implements one of the safest types of margin trading – encapsulated. It is all the more interesting for researchers and dApp engineers to participate in Bug Bounty Dex223. In addition to financial benefits, there is an opportunity to work on ERC-223 and dApps based on it, thereby increasing one’s qualifications and gaining recognition in the community, and with the significant spread of ERC-223, possibly being among the first on the crest of the wave.
Useful links:
Problem report submission page “dex223-bug-bounty/issues”.
Contact with developers: Telegram or Discord.
Official blog of Dex223.
This content originally appeared on DEV Community and was authored by ToTo Bugelman