Steemhunt/mint.club-v2-contract

Community Audit - Reward Distribution! πŸ’Έ

Closed this issue Β· 21 comments

sydneyitguy commented

πŸ™πŸ» Thank you!

The community audit event for Mint Club V2 contract is now complete.
In total, 15 developers contributed to this review process:

Thank you all for your valuable time and contributions! πŸ‘πŸ»

I have evaluated all contributions as fairly as possible, considering the importance of the contributions and the amount of work put into the reviewing process.

πŸŽ…πŸ» Here is the reward distribution table:

image

Please double-check your wallet address on the distribution table. If you haven't included your wallet address in your first contribution, please leave your Ethereum wallet address here to receive your USDT reward. The missing addresses are:

If you prefer not to share your address publicly, you can send it to our email instead: admin@hunt.town.

The reward will be distributed on the 26th of December as promised.
Thank you, everyone, and Merry Christmas to all! πŸŽ„

litchdoteth commented

I apologize, but I've run out of time to review the code thoroughly. Some urgent priorities have come up on my end. Congrats participants.

  • ❀️1
web3isthefuture commented

Thanks for having me here :)
0x8db78825497Bf47Cea2c2d65333Cc6Faf4a7A7F6

  • ❀️1
0x3agle commented

Hey all, I'm glad to contribute to strengthening Mint Club V2's smart contracts.
A big thanks to @sydneyitguy for this incredible opportunity πŸ™Œ

Merry Christmas πŸŽ„

  • Polygon/ETH Mainnet Address: 0x6DC8236735e0c60B511a57b5A9c38C3559617D5B
  • πŸ‘1
the-first-elder commented

Thank you @sydneyitguy for the opportunity. I'm always open to working with you guys. Merry Christmas to everyone.

0xf0009d96f8061411146f19393525349C5F74b90C

  • πŸ‘1
Paschal695 commented

Thanks for the opportunity,here’s my address

0x381aCa102D5d10712a4429d1106b80D10c12ab45

  • πŸ‘1
madMax92221 commented

Happy Holidays all! Thanks for having me! :

ETH mainnet:

0x59dA688CF5d3Bc3E29FC5d0EdFEb6196Cae196cE

  • πŸ‘1
holyhansss commented
  • πŸ‘1
ddimitrov22 commented

Happy Holidays all! Thanks for having me! :

ETH mainnet:

0x59dA688CF5d3Bc3E29FC5d0EdFEb6196Cae196cE

Happy holidays from me as well! You can send my share to the same address as madMax92221:

ETH mainnet:

0x59dA688CF5d3Bc3E29FC5d0EdFEb6196Cae196cE

  • πŸ‘1
inmarelibero commented

ETH wallet: 0xa9De8755FaCD88Fd82894afD2C014C860993042f

thank you, enjoyed it!

weed0607 commented

eth wallet: 0x9A3032f0321396D3378D3681F42006144346d860
Thank you, although didn't find anything...

KupiaSecAdmin commented

Happy holidays!
This was the first time we worked on a community audit and we appreciate the opportunity.
We have a suggestion regarding the "rule" though. (rewarding formula, giving points to findings)
It is a bit disappointing that the LOW severity findings and comments are valued and rewarded much more than a HIGH severity finding. We see there were only a single HIGH severity finding and 3~4 MEDIUM findings and bunch of LOW ones.
In the sense of impact, we believe a HIGH finding is 100 times more valuable than a LOW finding.
Most of the low ones are something that could be found using static analyzers and seemingly the current rewarding rule strongly discourages manual reviewers.
Maybe, we did not understand the rule clearly (were there any rules specified somewhere? like giving X points for 1 valid comment?)
We respectfully suggest the team to reconsider the rewarding formulas while we understand it might be not feasible to change the result at this point.
Regards.

  • πŸ‘2
KupiaSecAdmin commented

Just guessing from the result sheet, it seems like 33:28:18 are the weights of HIGH:MEDIUM:TRIVIAL for the contribution point.
While the team is a rule maker, we want to remind that the HIGH:MEDIUM ratio is 10:3 at Code4rena and 5:1 at Sherlock
2023-12-25_17h11_28

  • πŸ‘1
0x3agle commented

@KupiaSecAdmin

"Maybe, we did not understand the rule clearly (were there any rules specified somewhere? like giving X points for 1 valid comment?)"

( From COMMUNITY_AUDIT.md)

Collaborate and Provide Feedback: Engage with the community by commenting on and providing feedback to other contributors' submissions. These interactions will also contribute to your participation.

0x3agle commented

Just guessing from the result sheet, it seems like 33:28:18 are the weights of HIGH:MEDIUM:TRIVIAL for the contribution point.

While the team is a rule maker, we want to remind that the HIGH:MEDIUM ratio is 10:3 at Code4rena and 5:1 at Sherlock

2023-12-25_17h11_28

C4 and Sherlock is different as the rewards are distributed to all finders of the issue.
In this audit type only the first finder is rewarded for the issue.

KupiaSecAdmin commented

Collaborate and Provide Feedback: Engage with the community by commenting on and providing feedback to other contributors' submissions. These interactions will also contribute to your participation.

We are aware of that, but they are not exact rules like giving how many points on each kind of activity.

C4 and Sherlock is different as the rewards are distributed to all finders of the issue.
In this audit type only the first finder is rewarded for the issue.

You misunderstood our point. It's not about duplicates, it's about weights of different severity findings.
We believe you are aware of all the similar systems like Hats Finance and Immunefi where only the first report is rewarded but critical/high severity ones are rewarded much more than low or even medium ones. The weights applied for this community audit are quite different from general perception.

We could have provided bunch of comments with tons of LOW/INFO level findings and even could have explored building a whole test suite using Foundry if the rules were clear.

Anyway, we would like to make it clear that our suggestion is for the protocol team so that they can be more clear and fair next time.

@0x3agle Congratulations on your win! Rest assured and enjoy it. We are not struggling to change the result that has been made public already.

  • πŸ‘1
sydneyitguy commented

@KupiaSecAdmin
Thank you for your feedback on our community audit bounty distribution. We understand your concerns regarding the weighting of different severity findings. However, in this community-based audit, our priority was to encourage broad participation and recognize the efforts and contributions of all participants.

It is difficult for us to update the distribution table now because it has been publicly announced, but your suggestion to provide clearer guidelines and more balanced reward structures based on criticality is well-noted. We aim to foster a fair and transparent community, and part of that involves continuously refining our processes based on feedback like yours. πŸ™πŸ»

  • πŸ‘1
sydneyitguy commented

Bounty distribution is complete! Please check your wallet to see if you have received the tokens correctly.

@dzypherit @exd0tpy @web3isthefuture @0x3agle @ddimitrov22 @the-first-elder @madMax92221 @Tech-Icons @sirius651 @weed0607 @KupiaSecAdmin @holyhansss @alsldl @Paschal695 @inmarelibero

Thank you again to all audit participants. We will return with another audit event in the future :)

Feel free to join the Hunt Town Discord - Web3 Builder Guild - for the future updates and to connect with other Web3 builders!
https://discord.gg/hunt-town

  • πŸ‘4
Tech-Icons commented

please someone should help me with $3 ETH....... to be able to withdraw my reward from wallet,ETH fee is killing

0x7F60eCB087eF0b852C19d5248b57e472F7066B5C

Thanks

sydneyitguy commented

@Tech-Icons just sent you some ETH to cover your gas fee :)

  • πŸ‘1
Tech-Icons commented

@sydneyitguy thanks so much appreciate

  • ❀️1
Iriz07 commented

Below is my wallet

[0xB7476807C53C28819E69c5b639394a12E4227746]