The
TOP cross-chain bridge testnet version supports ETH
and stable coin (USDT) assets to cross between the ETH chain and the TOP chain.
Now the test version of the TOP cross-chain bridge is open to public, and we
are inviting you to participate in the test! Be a TOP hunter and get rewards
from it. Up to 15,000,000 TOP for a single issue! Happy hunting!
Duration: Aug.5 - Aug.24, 2022 (UTC+8)
Rewards:
Critical:
10,000,000 -15,000,000 TOP per issue
High:
1,000,000 -8,000,000 TOP per issue
Medium:
100,000 - 1,000,000 TOP per issue
Bug Bounty Rules:
1.
The TOP team will jointly review the submitted issues and reward hunters
according to the severity of the problems.
2.
Hunters should provide a complete issue description, test address, transaction
hash, screenshot of issues and so on.
3.
For the same questions, first come first served.
4.
Known issues and some pre-clarified contents are not included in this bug
bounty program.
Note:
The TOP team has the right to interpret the bug bounty program.
Join
TOP Telegram for further discussion: https://t.me/topnetwork_top
How to join the TOP cross-chain bridge
open test?
1. Visit
TOP cross-chain bridge
https://testbridge.topnetwork.org/integratedCrossChain
Or you can visit TOP webiste, find ‘New Decentralized Bridge’, locate ‘Integrated cross-chain bridge’.
Open
the link in a browser with a Metamask wallet, such as
Chrome, Firefox, etc. Metamask will automatically add
TOP Testnet and ETH Testnet,
and there is no need to add RPC manually. You can switch manually afterwards.
2. Get
test tokens from TOP faucet
https://www.topnetwork.org/en/faucet
You
can get the following test tokens from faucet each time:
ETH
Testnet: 0.1 ETH, 30 USDT
TOP
Testnet: 0.05 ETH
Open
TOP faucet, enter a valid Ethereum-formatted address to get the test tokens. You
can get tokens again after 72 hours.
3. Add
stable coins to Metamask
The
cross-chain bridge is connected by default to ETH Testnet.
Please manually add stable coin tokens in Metamask.
ETH
Testnet – USDT token address:0x4268F1891609dE171d0896136571DE15C91d91Bd
TOP
Testnet - USDT token address:0x7e3aC793663dEb959710C8CE6929A3c860f5479A
4. Start
testing in the cross-chain bridge
Before
the test, please confirm that you have received test tokens in your wallet
address. Please also check the information of #6 & #7 first.
Cross-chain
link: https://testbridge.topnetwork.org/integratedCrossChain
A. Cross
ETH assets to TOP chain
a) Enter
the number of assets you want to transfer, click Transfer to complete
the transaction, and you will see Pending transaction on the right side.
b) Wait for
the cross-chain contract to be executed until Pending is changed to Claim
(estimated 20 minutes).
c) Click Claim
again, Metamask will add TOP Testnet.
d) Click Claim
again to complete the transaction. Check the TOP address balance afterwards.
B. Cross
TOP assets to ETH chain
a) Select From
as TOP, enter the number of assets you want to transfer, click Transfer
to complete the transaction, and you will see pending transaction on the
right side.
b) Wait for
the cross-chain contract to be executed until Pending is changed to Claim
(estimated at 8 hours).
c) Click Claim
again, Metamask will automatically switch the chain
to ETH Testnet.
d) Click Claim
again to complete the transaction. Check the ETH address balance afterwards.
5. Issues
recording and submission
During
the test, please refer to the issues range given by the TOP team, and at the
same time record the issues found in the form of screenshots and the operation
process clearly. If necessary, keep the transaction hash.
After
the test, submit the issues you find to the
form.
6. Definition
of issue severity
Critical
It
can cause a lot of economic losses to the contract business system, large-scale
data confusion, out-of-control rights management, failure of key functions,
loss of credibility, or indirectly affect the correct operation of other smart
contracts associated with it and cause a lot of losses, and other serious and
mostly irreversible issues including but not limited to:
a) Additional
issuance or overspending of assets
b) Loss or
freezing of other people’s assets
c) Asset
theft or unauthorized spending
d) The core
business logic of smart contracts is arbitrarily tampered with or bypassed,
such as transfers, charges, accounting, etc.
e) The key
verification logic of smart contracts is bypassed, such as signature
verification, proof verification, authentication, etc.
High
Issues
found but can’t be resolved temporarily including but not limited to:
a) Other
obviously dangerous and sensitive information is unexpectedly leaked.
b) Gas fee
vulnerability
Medium
It
can pose a security threat to the contract business system, and be risks and issues
that need to be improved including but not limited to:
a) The
operation stability of smart contracts is affected, such as abnormally high
contract invocation failure rate, abnormally high resource consumption, etc.
b) Smart
contracts can be triggered by false or error events.
c) The
operation process is interrupted but resumed without loss of assets.
d) Gas
design is not reasonable.
7. Cross-chain
bridge known issues and issues not included in the bug bounty
A. Cross-chain
bridge known issues
a) The
total amount of the TOP cross-chain transaction only shows the gas fee, not the
cross-chain amount.
b) When TOP's
smart contract burns ETH token, Metamask only display
the gas fee, not the burn value.
B. User
special tips
a) When you
send cross-chain transactions with Metamask, the
transaction will be stuck in the sending state for a long time, resulting in
unsuccessful sending. The solution is as follows: click the account icon in Metamask's upper right corner to enter the account list
page, click Settings, and then click Advanced to reset the
account, then initiate cross-chain transaction again.
b) There
may be a delay in updating or displaying cross-chain transaction, you can wait
after confirming that the transaction completes successfully.
C. The
following vulnerabilities are excluded from the rewards for this bug bounty
program
a) Previously
known vulnerabilities (resolved or not) on the TOP network (and any other fork
of these).
b) Feature
request & Best practice
c) Attacks
requiring privileged access from within the organization
d) Vulnerabilities
only exploitable on out-of-date browsers or platforms
e) Vulnerabilities
built on 'user impossible action'
f) Page
compatibility
We
sincerely invite you to take part in the TOP cross-chain bridge test and
jointly construct a safe TOP ecosystem. Happy hunting!