Subsequent to the hacking incident at DEVCON1, Martin Swende currently holds the top position on the leaderboard of the Ethereum Bounty Program. The bounty program is ongoing, and the most recent bounty awarded was 5 BTC. The program is open to everyone. As BTC Relay prepares for deployment on Ethereum, and given its significance for various DApps, we would like to emphasize its active security review by incorporating it into the Ethereum Bounty Program.
BTC Relay is an Ethereum contract that implements Bitcoin SPV: https://en.bitcoin.it/wiki/Thin_Client_Security
The primary function of BTC Relay is to relay any adequately confirmed Bitcoin transaction to a designated Ethereum contract. If an individual makes a Bitcoin payment, or performs any arbitrary action on the canonical Bitcoin blockchain, the relay should be able to relay it to any specified Ethereum contract. Further details are in the spec.
The aim is to detect security vulnerabilities, such as the acceptance of invalid block headers, erroneous proofs, or illegal Bitcoin transactions. Likewise, if there is a valid Bitcoin transaction that BTC Relay fails to completely relay, it would also qualify for bounties.
Please be informed that since BTC Relay has a distinct open-source bounty grant, significant bugs will receive rewards up to 1 BTC. Substantially greater rewards are attainable (up to 5 BTC) in instances of extremely critical vulnerabilities. Rewards are available to everyone except judges of the bounty program and developers of BTC Relay.
The focus is on the contract, specifically the 5 “.se” files located in the root directory of:
https://github.com/ethereum/btcrelay/tree/1466934855225b1e4a87031d299c1209ba12d503
(This is a commit on the develop branch of https://github.com/ethereum/btcrelay.)
Full SPV client functionality is out of scope (for instance, Bitcoin block timestamps are not verified, to save gas). Better methods for incentivization, gas costs, and other algorithmic optimizations are also out of scope. Nevertheless, any feedback on such matters will still be warmly welcomed.
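To make the in-scope bug classes concrete (accepting an invalid block header or an erroneous proof), here is an added Python example of the checks an SPV relay has to enforce. It is not BTC Relay's own code: the function names, the regtest-style easy target and the sample transactions are constructed for illustration, and, like the scope described above, it does not check timestamps.

```python
import hashlib
import struct

def dsha256(data: bytes) -> bytes:  # Bitcoin's double SHA-256
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def bits_to_target(bits: int) -> int:
    """Expand the compact nBits field into the 256-bit target."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    return mantissa << (8 * (exponent - 3)) if exponent > 3 else mantissa >> (8 * (3 - exponent))

def check_header(header: bytes, prev_hash: bytes, expected_bits: int) -> bytes:
    """Return the header hash, or raise ValueError if the header must be rejected."""
    if len(header) != 80:
        raise ValueError("header is not 80 bytes")
    if header[4:36] != prev_hash:
        raise ValueError("header does not extend the stored block")
    bits = struct.unpack_from("<I", header, 72)[0]
    if bits != expected_bits:  # assumption: caller knows the bits for this height (they change only at a retarget)
        raise ValueError("unexpected difficulty bits")
    block_hash = dsha256(header)
    if int.from_bytes(block_hash, "little") > bits_to_target(bits):
        raise ValueError("insufficient proof of work")
    return block_hash

def merkle_root(txid: bytes, index: int, siblings: list) -> bytes:
    """Fold a Merkle branch upward; each bit of index selects left or right."""
    node = txid
    for sibling in siblings:
        node = dsha256(sibling + node) if index & 1 else dsha256(node + sibling)
        index >>= 1
    if index:
        raise ValueError("index too large for this branch")
    return node

def tx_in_block(raw_tx: bytes, index: int, siblings: list, header: bytes) -> bool:
    """True only if raw_tx hashes up to the Merkle root committed in header."""
    return merkle_root(dsha256(raw_tx), index, siblings) == header[36:68]

# Constructed sample: four placeholder "transactions" and a regtest-style easy target.
EASY_BITS = 0x207FFFFF
TXS = [b"constructed tx %d" % i for i in range(4)]
PREV = b"\x11" * 32  # hypothetical hash of the block the relay already stores

def sample_header() -> bytes:  # builds and "mines" a constructed header over TXS
    ids = [dsha256(t) for t in TXS]
    root = dsha256(dsha256(ids[0] + ids[1]) + dsha256(ids[2] + ids[3]))
    candidates = (struct.pack("<I32s32sIII", 1, PREV, root, 0, EASY_BITS, n) for n in range(1 << 16))
    return next(h for h in candidates if int.from_bytes(dsha256(h), "little") <= bits_to_target(EASY_BITS))
```

A header that fails any of the three checks, or a transaction whose branch does not fold to the committed root, must never reach the destination contract.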
With BTC Relay now incorporated into the Ethereum bounty program, most rules outlined at http://bounty.ethdev.com are applicable. For instance, websites are excluded from the bounty program, and submissions are processed on a first-come, first-served basis: issues that have already been reported by another contributor or are already known to the team are not eligible for bounty rewards. However, this also implies that in addition to monetary incentives, every bounty is also eligible for:
- Ranking on the Ethereum bounty leaderboard with points accumulated throughout the program.
- A personal inscription in the Ethereum namereg once it becomes operational.
- An exclusive, limited edition Ethereum Bountyhunter t-shirt.
If you are interested in joining the channel for BTC Relay, it is open to all at https://gitter.im/ethereum/btcrelay. The bounty program will continue for a few weeks prior to the launch of BTC Relay to Frontier. Here are some topics to discuss with the community and open questions for the Frontier launch:
- what should be the initial block in BTC Relay?
  - for technical and practical reasons, the earliest block that can be stored in BTC Relay is block 2016 (the first difficulty retarget). BTC Relay's initial block must be at a difficulty retarget, meaning its block number must be divisible by 2016.
  - how likely are you to verify Bitcoin transactions from a previous period?
  - how advantageous would it be if BTC Relay started with the block two difficulty retargets ago?
    - currently, that would correspond to block 389088
- there is a script that anyone can run to submit block headers to BTC Relay; what do you believe its default fee, which verifiers of a Bitcoin transaction pay in ETH, should be?
  - the script's current fee is 0
  - it typically costs under 0.01 ETH to submit a block header. Should the default fee be set at 0.01 ETH?
  - this default fee can be changed at the submitter's discretion, although the incentivization mechanism ensures that setting the fee excessively high is unlikely to yield rewards
In conclusion, the BTC Relay Bounty Program was incorporated in the “news & updates” section on bounty.ethdev.com a few weeks back and has already attracted a single bounty submission!