Steem [HF19] Possible reward pool gaming by cycling delegations

in #utopian-io3 years ago (edited)
Sort:  

Thank you for contributing to Utopian!

This is an outstanding post. A highly details report, covering the bug from detection, through possible solutions and it was implemented in HF20. In my opinions, exploits are the 1st priority bugs for any product. This is obviously even more critical in projects such as steem, which are essentially banks. It's fun reading the report, and a real joy to review it. But even as an overjoyed spectator, I couldn't help but notice this:

Please refrain from such language in the future. Reading issues in github shouldn't trigger anyone. With that said, I'll be counting the seconds till your next contribution. What a ride this report was. Awesome sauce dude.

Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.

To view those questions and the relevant answers related to your post, click here.


Need help? Write a ticket on https://support.utopian.io/.
Chat with us on Discord.
[utopian-moderator]

Thank you for kind words.

The title in the github issue.. I'm not sure if I remember clearly what word I've used, but I can imagine which it was. Sorry for that. Because english is not my first language I forgot that this word is kind of disturbing.

I'm very interested in math so if I find more issues I will report them for sure :)

Hi @achiron,

may I know the reason why this was approved? As you said the bug is already fixed. This implied the developers already knew about it. So am I allowed to report bugs which are already fixed?

Kind regards

The Secret Service

@secret.service, if you read the github issue and the HF20 post you will see that they fixed it because he reported it. He made it happen.

Hi @archion,

Ok. I see. But the issue was created in May and closed in June. Can I report bugs even if they are older than 14 days and already fixed?

Kind regards

The Secret Service

Well, I didn't report the issue faster to utopian because I thought it is dangerous to tell publicly about this exploit. But then I saw steemitblog already published the info so I decided I can do it to.

Hi,

I fully understand your point but this does not answer my question from above. Can I report bugs which were closed months before?

Kind regards,

The Secret Service

Pretty sure the 14 day rule doesn't apply to bug fixes. As long as the application is on the latest version then it is acceptable. I went and reviewed the guidelines because I also was confused on this point. Though that raises the question of whether or not someone can just report a bug from an application that hasn't been updated in months.

Hi,

Thank you for the feedback. Maybe I can ask someone at utopian for help here.

Kind regards

The Secret Service

Hey @achiron
Here's a tip for your valuable feedback! @Utopian-io loves and incentivises informative comments.

Contributing on Utopian
Learn how to contribute on our website.

Want to chat? Join us on Discord https://discord.gg/h52nFrV.

Vote for Utopian Witness!

Hey @rafalski
Thanks for contributing on Utopian.
Congratulations! Your contribution was Staff Picked to receive a maximum vote for the bug-hunting category on Utopian for being of significant value to the project and the open source community.

We’re already looking forward to your next contribution!

Want to chat? Join us on Discord https://discord.gg/h52nFrV.

Vote for Utopian Witness!

Thanks so much for you work