Weekly overview of the bug-hunting category- week 52, 2018

in #utopian-io6 years ago (edited)

This is a report on the weekly contributions to the bug hunting category. The post contains basic stats like the number of contributions received by the category, an excerpt on new contributors if there are any and a detailed comparison of the week's output with previous weeks.

utopian (1).jpg

Previous Reports

Bug hunting contributions summary

The contributions

ContributorURLProjectScore
@tobias-g[1Ramp Alpha Web App] - Titles over 256 characters prevent post submission1ramp80
@fuzz-ai Steemd 0.20.6 bug - memory exhaustion when parsing malicious hello_messagesteemit/steem100
@blockchainstudiobusy feed/blog/replies/follow bugs due to API no longer supportedbusy.org68
@mightypandaBusy is showing only one post repeatedly in feed and discussionsbusy.org60
@razu788Recent Post are not showing in busy.orgbusy.org0
@harry-heightzUnable to login to Knacksteem from landing page.knacksteem70
@sourovafrin[Busy] [Version: 2.5.6] Showing a post multiple time on feed and weird behaviour while scrolling on feed and postbusy.org0
@mightypandaDeleting post removes the post before actual delete is performed1ramp40
@blockchainstudio[Bug Fix - Merged and Live!] Finally, Busy can edit posts older than 7 days!busy.org77
@curtwriterApp stops and exits when I try to key in Hashtagssteepshot0

This week we had more contributions since the start of the weekly overviews than we've had in any other week. There were 10 contributions, two times higher than last week's. There were 4 new contributors, which is twice the total number of new bug hunters that we had in the last 4 weeks.

Also, for the first time in a very long while, we had a staff pick. @fuzz-ai in his testing had observed that:

A carefully crafted hello_message sent can cause steemd to attempt allocating all available memory, causing it to crash.

To exploit the bug, a malicious witness connects to a steemd instance over the network (using the peer-to-peer protocol) and participates in the encryption handshake. When sending the normal hello_message, it populates the variant_object field with an ill-formed variant object.

A fuller writeup on the bug and how it was found can be read at https://steemit.com/software/@fuzz-ai/a-memory-exhaustion-attack-against-the-steem-blockchain

With the staff pick included, 7 reports were scored higher than 0. @sourovafrin and @razu788's reports were scored zero for being duplicates of an existing issue. @curtwriter's report was submitted to a project outside the whitelist, hence the score - zero.

Weekly Average Score and number of Contributions

bargraph 34.png

image.png

We can see that the average score of 70.71 is approximately 13% higher than the 11 week average of 61.29. This week's average is 9.42 higher than the 11-week average and 8.21 higher than last week's average of 62.5.

Hunter Totals and Average

.


bargraph 36.png


bargraph 37.png

This week we had 4 new contributors - @fuzz-ai, @harry-heightz, @curtwriter, @razu788.

@mightypanda and @blockchainstudio submitted two reports each. Mightypanda is the top contributor with 6 finds.

7 contributors have an average reward score of 61.29 or above, over the past 11 weeks.

Reports Reviewed By Reviewer

bargraph 38.png

bargraph 39.png

The 35 contributions received by the category in the past 10 weeks were assessed by 4 reviewers. 26 of the reports were rewarded and scored higher than 0.

  • @sachincool have now reviewed 2 contributions with an average score of 40.
  • @fego have reviewed 21 contributions with an average score of 62.41.
  • @tobias-g have reviewed 10 contributions with an average score of 56.5.
  • @crokkon have reviewed 2 contributions, with an average score of 85.

Other items

In the absence of other news, the category with the help of espoem is looking forward to implementing new guidelines to replace the existing whitelist that will let contributors submit bug reports to projects outside the steem and the whitelist.

While the new guidelines are yet to be implemented, bug-hunters and open source enthusiasts looking to help open source projects, please take a look at our whitelist of projects that you can submit bug reports for:

https://docs.google.com/spreadsheets/d/1S7ayFTEy5CBMyeJvFRgq5JUjlqZxFjWAWhhrBL0GC60/edit#gid=1954068373

If you wish to have your open source projects added to our whitelist you can contact us on our help channel at our discord server. You can also leave your questions and comments below :)

Thanks

@fego

#iamutopian #bug-hunting #analysis
6 years ago in #utopian-io by
$40.21
  • Past Payouts $40.21, 0.00 TRX
  • - Author $30.16, 0.00 TRX
  • - Curators $10.06, 0.00 TRX
105 votes
Reply 8
Sort:  
  • Trending
    • [-]
     6 years ago (edited)

    Hello @fego,

    Thank you for providing the weekly report for the Bug-hunting category. It appears the Christmas week was a better week for the category. It has been long the category received 10 contributions in a week. Also, it's good that there was a staff pick within the bug contributions.
    I think the chart for the Bug- hunting 11-weeks average score is incorrect. According to your last report, the average score was 62.5 and the average score for this week is 70.71. But, the bar for week 51 is longer than week 52 which is 70.71. Anyway, I appreciate the effort put in writing this weekly overview.

    Thank you and happy new year.

    Please note that while the CM hasn't changed the footer, I am not scoring #iamutopian posts based on the questionnaire. They have their own metric, and that will be the case until we go live with the new guidelines and new questionnaire, which will be comprehensive enough to reflect these types of posts.

    Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.

    To view those questions and the relevant answers related to your post, click here.

    Need help? Write a ticket on https://support.utopian.io/.
    Chat with us on Discord.
    [utopian-moderator]

    [-]
     6 years ago 

    Thanks for the review. Instead of 70.71 the last bar had the value of 61.29, which was a mistake cause 61.29 is the total average score for 11 weeks and not the average score for week 52.

    I have edited and corrected the mistake. Thanks again for the review :)

    [-]
     6 years ago 

    Thank you for your review, @tykee! Keep up the good work!

    $0.00
      Reply
      [-]
       6 years ago 

      Hi @fego!

      Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
      Your post is eligible for our upvote, thanks to our collaboration with @utopian-io!
      Feel free to join our @steem-ua Discord server

      $0.02
      • Past Payouts $0.02, 0.00 TRX
      • - Author $0.02, 0.00 TRX
      • - Curators $0.01, 0.00 TRX
      1 vote
      Reply
      [-]
       6 years ago 

      thank you for your reviews and nice summary. happy new year!

      $0.00
        Reply
        [-]
         6 years ago 

        Congratulations! Your post has been selected as a daily Steemit truffle! It is listed on rank 23 of all contributions awarded today. You can find the TOP DAILY TRUFFLE PICKS HERE.

        I upvoted your contribution because to my mind your post is at least 11 SBD worth and should receive 123 votes. It's now up to the lovely Steemit community to make this come true.

        I am TrufflePig, an Artificial Intelligence Bot that helps minnows and content curators using Machine Learning. If you are curious how I select content, you can find an explanation here!

        Have a nice day and sincerely yours,
        trufflepig
        TrufflePig

        $0.00
          Reply
          [-]
           6 years ago 

          Hey, @fego!

          Thanks for contributing on Utopian.
          We’re already looking forward to your next contribution!

          Get higher incentives and support Utopian.io!
          Simply set @utopian.pay as a 5% (or higher) payout beneficiary on your contribution post (via SteemPlus or Steeditor).

          Want to chat? Join us on Discord https://discord.gg/h52nFrV.

          Vote for Utopian Witness!

          $0.00
            Reply
            [-]
             6 years ago 

            Congratulations @fego! You have completed the following achievement on the Steem blockchain and have been rewarded with new badge(s) :

            You received more than 2000 as payout for your posts. Your next target is to reach a total payout of 3000

            Click here to view your Board
            If you no longer want to receive notifications, reply to this comment with the word STOP

            Support SteemitBoard's project! Vote for its witness and get one more award!

            $0.00
              Reply

              Coin Marketplace

              STEEM 0.20
              TRX 0.13
              JST 0.029
              BTC 67467.65
              ETH 3470.01
              USDT 1.00
              SBD 2.71