[Bug Bounty: up to 100 ETH] Linguo

[clesaege]

Linguo Bounties

This is a bug bounty on the Linguo contract.
Bugs are rewarded up to 100 ETH according to this classification:

• Critical Bugs: 100 ETH
  for bugs that enable stealing a high amount of user funds.
• Major Bugs: 50 ETH
  for bugs that can lock user funds or enable stealing a low but non negligible amount of user funds.
• Minor Bugs: 5 ETH
  for smaller bugs which can still produce a non negligible amount of harm to users (like displaying a rejected translation as valid or an invalid as rejected).

If you find a bug you can send a mail to [email protected]. In case of dispute about the classification of a bug, Kleros will be used to solve it.

Linguo

Linguo is a translation dapp.

• Anyone can request a translation by uploading a text to be translated, setting a deadline, a minimum price and depositing the maximum price (in ETH) it is ready to pay.
• The pricing is market based. The price for the translation starts at min_price, it then increases linearly such that it reaches max_price at deadline. The price of a translation is determined by its price when a task is taken. It is: price = min_price + [(max_price-min_price)*(now-submission_time)]/(deadline-submission_time).
• Anyone can accept a translation by putting a deposit. When someone does so, the requester gets reimbursed max_price - price.
• If the translation is not completed in time, the requester is reimbursed and gets the translator deposit as a compensation for the task not being performed.
• Once the translation is submitted, it goes into a review period. During this period, anyone can challenge the translation by putting a challenge deposit.
• If the translation is not challenged, the translator is paid and gets his deposit back.
• If the translation is challenged, a dispute is created. The ERC792 arbitrator contract is given arbitration fees.
  • If the translation is deemed correct by the arbitrator, the translator is paid and also gets a compensation (the challenger deposit minus arbitration fees).
  • If the translation is deemed incorrect, the requester is reimbursed and the challenger is rewarded (the submitter deposit minus arbitration fees).
  • If the arbitrator refuses to arbitrate, the requester is reimbursed. What remains of the translator and challenger deposits after the arbitration fees are paid is split equally between them.
• There is an appeal mechanism.
  • There are appeal fees. A deposit must be paid by each side. The deposit of winning side is reimbursed. The deposit of the losing side is used to pay arbitration fees and to compensate the winning side.
  • The side currently losing must pay its fees during the first half of the appeal period.
  • If a side does not pay its fees, it is assumed to have lost the dispute.

Bounty

Smart Contract Guidelines

We use those guidelines to write smart contracts. In particular, we do not try to prevent stupid behaviors at the contract level but leave this task to the UI. Letting the possibility to a user to harm itself is not a vulnerability (but should of course be dealt at the UI level).

Violation of guidelines are not vulnerabilities but can be reported as "suggestion for tips" (you may get a few PNK for it).

Bounty Rules

• If you have any questions, don't hesitate to ask on the slack channel (slack.kleros.io #smart-contract-review) or by sending a mail to [email protected] .
• This bounty may be advertised on multiple platforms. Bounties are only awarded to the first person finding the bug irrespective of the platform.
• All this code is provided under MIT license and can be reused by other projects. If you do, don't hesitate to inform us and we may list your deployed contracts in the @deployed of the RAB pragma.
• Good luck hunting and have fun hunting!

Extra info

Extra information are given for informational purpose. This allows you to see the bigger picture of what the contract is made for.

• Project Description
• Design