<aside> 🔴 Submissions Closed - we are not currently accepting bounty submissions

</aside>

About Identity Staking

Identity Staking is a concept that Moonshot Collective (part of GitcoinDAO) is experimenting with on Passport that allows users to stake their GTC as a sybil resistance signal.

During Grants Round 15, we are enabling users to stake GTC on their identity during the Grants Round in order to boost their Trust Bonus score. This will increase how much of their donations gets matched in the Round.

This staking is done on a Smart Contract where staked GTC is locked for the duration of the round, and unlocks after the round is over and the matching process is complete (~2 weeks after round).

What we want you to Investigate

Review code from the following repository https://github.com/moonshotcollective/id-staking/blob/contract-cleanup/packages/hardhat/contracts/IDStaking.sol  to see if there are any bugs or vulnerabilities on the Smart Contract, and submit any that you find.

What Vulnerabilities to look for

We, of course, want to know every vulnerability, but in particular:

• Safety bugs
• Issues that effect security of funds
• Inconsistencies in assumptions (like situations where somebody could reuse signatures for community staking)
• Denial of service vectors
• Calculation or parameter inconsistencies

The Rules

We follow many of the bug bounty rules that the Ethereum Foundation does:

• Decisions on the eligibility and size of a reward are the sole discretion of Gitcoin.
• Any disclosure of a vulnerability to the public or other third parties (such as the media) before Gitcoin makes it public will disqualify the bounty. You must privately submit issues to [email protected]
• Issues must be new to the team. Another builder or an audit can’t have already identified them.
• Provide the steps required to demonstrate an issue. If we cannot reproduce a problem, we will not be able to reward it.