|
|
@@ -34,74 +34,6 @@ contract MyContract is Ownable {
|
|
|
|
|
|
> NOTE: The current distribution channel is npm, which is not ideal. [We're looking into providing a better tool for code distribution](https://github.com/OpenZeppelin/zeppelin-solidity/issues/13), and ideas are welcome.
|
|
|
|
|
|
-## Add your own bounty contract
|
|
|
-
|
|
|
-To create a bounty for your contract, inherit from the base Bounty contract and provide an implementation for `deployContract()` returning the new contract address.
|
|
|
-
|
|
|
-```
|
|
|
-import "./zeppelin/Bounty.sol";
|
|
|
-import "./YourContract.sol";
|
|
|
-
|
|
|
-contract YourBounty is Bounty {
|
|
|
- function deployContract() internal returns(address) {
|
|
|
- return new YourContract()
|
|
|
- }
|
|
|
-}
|
|
|
-```
|
|
|
-
|
|
|
-### Implement invariant logic into your smart contract
|
|
|
-
|
|
|
-At contracts/YourContract.sol
|
|
|
-
|
|
|
-```
|
|
|
-contract YourContract {
|
|
|
- function checkInvariant() returns(bool) {
|
|
|
- // Implement your logic to make sure that none of the state is broken.
|
|
|
- }
|
|
|
-}
|
|
|
-```
|
|
|
-
|
|
|
-### Deploy your bounty contract as usual
|
|
|
-
|
|
|
-At `migrations/2_deploy_contracts.js`
|
|
|
-
|
|
|
-```
|
|
|
-module.exports = function(deployer) {
|
|
|
- deployer.deploy(YourContract);
|
|
|
- deployer.deploy(YourBounty);
|
|
|
-};
|
|
|
-```
|
|
|
-
|
|
|
-### Add a reward to the bounty contract
|
|
|
-
|
|
|
-After deploying the contract, send rewards money into the bounty contract.
|
|
|
-
|
|
|
-From `truffle console`
|
|
|
-
|
|
|
-```
|
|
|
-address = 'your account address'
|
|
|
-reward = 'reward to pay to a researcher'
|
|
|
-
|
|
|
-web3.eth.sendTransaction({
|
|
|
- from:address,
|
|
|
- to:bounty.address,
|
|
|
- value: web3.toWei(reward, "ether")
|
|
|
-}
|
|
|
-
|
|
|
-```
|
|
|
-
|
|
|
-### Researchers hack the contract and claim their reward.
|
|
|
-
|
|
|
-For each researcher who wants to hack the contract and claims the reward, refer to our [test](./test/Bounty.js) for the detail.
|
|
|
-
|
|
|
-### Ends the contract
|
|
|
-
|
|
|
-If you manage to protect your contract from security researchers and wants to end the bounty, kill the contract so that all the rewards go back to the owner of the bounty contract.
|
|
|
-
|
|
|
-```
|
|
|
-bounty.kill()
|
|
|
-```
|
|
|
-
|
|
|
#### Truffle Beta Support
|
|
|
We also support Truffle Beta npm integration. If you're using Truffle Beta, the contracts in `node_modules` will be enough, so feel free to delete the copies at your `contracts` folder. If you're using Truffle Beta, you can use Zeppelin contracts like so:
|
|
|
|
|
|
@@ -115,6 +47,7 @@ contract MyContract is Ownable {
|
|
|
|
|
|
For more info see [the Truffle Beta package management tutorial](http://truffleframework.com/tutorials/package-management).
|
|
|
|
|
|
+
|
|
|
## Security
|
|
|
Zeppelin is meant to provide secure, tested and community-audited code, but please use common sense when doing anything that deals with real money! We take no responsibility for your implementation decisions and any security problem you might experience.
|
|
|
|
|
|
@@ -295,5 +228,73 @@ Creates tokens based on message value and credits to the recipient.
|
|
|
#### getPrice() constant returns (uint result)
|
|
|
Returns the amount of tokens per 1 ether.
|
|
|
|
|
|
+
|
|
|
+### Bounty
|
|
|
+To create a bounty for your contract, inherit from the base `Bounty` contract and provide an implementation for `deployContract()` returning the new contract address.
|
|
|
+
|
|
|
+```
|
|
|
+import "./zeppelin/Bounty.sol";
|
|
|
+import "./YourContract.sol";
|
|
|
+
|
|
|
+contract YourBounty is Bounty {
|
|
|
+ function deployContract() internal returns(address) {
|
|
|
+ return new YourContract()
|
|
|
+ }
|
|
|
+}
|
|
|
+```
|
|
|
+
|
|
|
+Next, implement invariant logic into your smart contract
|
|
|
+
|
|
|
+At contracts/YourContract.sol
|
|
|
+
|
|
|
+```
|
|
|
+contract YourContract {
|
|
|
+ function checkInvariant() returns(bool) {
|
|
|
+ // Implement your logic to make sure that none of the state is broken.
|
|
|
+ }
|
|
|
+}
|
|
|
+```
|
|
|
+
|
|
|
+Next, deploy your bounty contract along with your main contract to the network.
|
|
|
+
|
|
|
+At `migrations/2_deploy_contracts.js`
|
|
|
+
|
|
|
+```
|
|
|
+module.exports = function(deployer) {
|
|
|
+ deployer.deploy(YourContract);
|
|
|
+ deployer.deploy(YourBounty);
|
|
|
+};
|
|
|
+```
|
|
|
+
|
|
|
+Next, add a reward to the bounty contract
|
|
|
+
|
|
|
+After deploying the contract, send reward funds into the bounty contract.
|
|
|
+
|
|
|
+From `truffle console`
|
|
|
+
|
|
|
+```
|
|
|
+bounty = YourBounty.deployed();
|
|
|
+address = 0xb9f68f96cde3b895cc9f6b14b856081b41cb96f1; // your account address
|
|
|
+reward = 5; // reward to pay to a researcher who breaks your contract
|
|
|
+
|
|
|
+web3.eth.sendTransaction({
|
|
|
+ from: address,
|
|
|
+ to: bounty.address,
|
|
|
+ value: web3.toWei(reward, "ether")
|
|
|
+})
|
|
|
+
|
|
|
+```
|
|
|
+
|
|
|
+If researchers break the contract, they can claim their reward.
|
|
|
+
|
|
|
+For each researcher who wants to hack the contract and claims the reward, refer to our [test](./test/Bounty.js) for the detail.
|
|
|
+
|
|
|
+Finally, if you manage to protect your contract from security researchers, you can reclaim the bounty funds. To end the bounty, kill the contract so that all the rewards go back to the owner.
|
|
|
+
|
|
|
+```
|
|
|
+bounty.kill();
|
|
|
+```
|
|
|
+
|
|
|
+
|
|
|
## License
|
|
|
Code released under the [MIT License](https://github.com/OpenZeppelin/zeppelin-solidity/blob/master/LICENSE).
|
Manuel Araoz