Starting on January 11th, 2024.
An online educational series featuring three exclusive technical workshops hosted by the Euler team. Sign up below and be the first to receive exciting updates!
Find out more in the official announcement and the summary article.
About Euler x Encode Educate
- Fully online and open for everyone to participate!
- This programme gives you an opportunity to attend sessions hosted by Euler devs!
- Attend the sessions in real time on Livestorm, or catch up via recordings.
- Join the Discord to ask technical questions and get support from the Euler team.
- If you attend most of the sessions, you’ll get an NFT certificate of completion!
- Aside from the workshops, this Educate series will also offer two types of bounties. There will be a coding assignment after the second and the third workshop (more on that soon), and there will be a bug bounty (see below for the details), which offers up to $100k for finding critical bugs!
Past Events
Important dates
• Launch: January 11th, 2024.
• Workshops: January 11th, 16th and 18th!
• Bounties: from January 11th to Feb 5th!
• Programme concludes on Feb 5th 2024.
Win up to $100k through the EVC Bug Bounty Programme!
-
Background:
The Ethereum Vault Connector (EVC) represents a pivotal innovation in the world of decentralized finance. As a foundational layer, it is engineered to underpin the essential functions of a lending market, offering a stable and adaptable platform for development. The EVC stands out by its unique ability to facilitate interactions between various vaults. These vaults, conforming to the ERC-4626 interface, incorporate logic for seamless interfacing with other vaults, thus enhancing interoperability within the ecosystem.
Purpose and Importance:
At its core, the EVC simplifies and streamlines operations for core lending and borrowing contracts. By shouldering the complexity, it allows these contracts to concentrate on their unique features and capabilities. This not only fosters innovation but also ensures a higher degree of stability and security in financial operations. As the EVC prepares for its public release, our priority is to ensure its robustness and reliability.
Objective of the Bug Bounty Program:
The Euler EVC Bug Bounty Program is initiated with a clear objective: to harness the collective expertise of the community in identifying and addressing potential security vulnerabilities within the EVC. By engaging with skilled security researchers, ethical hackers, and the wider community, we aim to scrutinise the EVC for any weaknesses that could be exploited maliciously. This program serves as a proactive step towards fortifying the EVC’s security posture, ensuring it operates with the highest level of integrity and reliability in the decentralised finance landscape.
-
The bug bounty program focuses on the following components within the Ethereum Vault Connector (EVC) ecosystem:
In Scope:
Interfaces (IERC1271.sol, IEthereumVaultConnector.sol, IVault.sol)
Errors.sol
EthereumVaultConnector.sol
Events.sol
ExecutionContext.sol
Set.sol
TransientStorage.sol
Key Areas for Testing:
Security vulnerabilities in any of the listed contracts.
Functional flaws that could affect the integrity and reliability of the EVC.
Interactions between the contracts, especially concerning data handling and execution flow.
Out of Scope:
Vulnerabilities in third-party libraries not directly related to the EVC’s core contracts.
Issues related to the underlying blockchain protocol.
-
For the Euler EVC Bug Bounty Program, all bug reports should be submitted publicly through GitHub issues in a designated repository. This approach promotes transparency and collaborative problem-solving within the community. To maintain consistency and thoroughness in reporting, participants are required to use the following template for the report to be eligible for reward:
Bug Report Template for Public Submission:
Title: [Concise and Descriptive Title Reflecting the Bug]
1. Bug Description:
Summary: [A brief overview of the bug]
Details: [In-depth explanation of the bug, including how it impacts the system and possible consequences]
2. Criticality Assessment:
Severity: [Critical/High/Medium/Low]
Justification: [Reasoning behind the severity rating, considering potential impact on security, functionality, and user experience]
3. Proof of Concept (PoC):
Step-by-Step Reproduction: [Clear instructions on how to reproduce the bug]
Code/Screenshots: [Relevant code snippets or screenshots; GitHub gists can be used for longer code samples]
Environment Details: [Information about the environment where the bug was found, such as contract versions, tools used, etc.]
4. Impact Analysis:
Affected Components: [Specify the parts of the system that are impacted by the bug]
Potential Exploits: [Discuss how the bug could be potentially exploited and the implications]
5. Additional Information:
Consistency of Reproduction: [Indicate the frequency with which the bug can be reproduced]
Mitigation Suggestions: [Any recommendations for resolving or mitigating the bug]
6. Reporter's Contact:
GitHub Username: [Your GitHub username]
Email: [Your email for follow-up discussions]
-
Runnable Code: PoCs must be executable, demonstrating the bug in a controlled environment.
Documentation: Clear documentation of each step in the PoC, including setup, exploitation process, and impact demonstration.
Code Standards: The submitted PoC should follow best coding practices, be well-commented, and include any necessary configuration files or dependencies.
-
Critical Level: $50,000 to $100,000
High Level: $10,000 to $75,000
Medium Level: $10,000
Low Level: $1,000
-
Participants must comply with all legal requirements and not engage in any activity that could harm Euler, its users, or the EVC.
Failure to comply can result in disqualification or legal action.
-
To ensure the effectiveness and efficiency of the Euler EVC Bug Bounty Program, we include the following disclaimers and management guidelines:
Duplicate Reports:
First Report Priority: Only the first report of a specific vulnerability will be considered eligible for a reward. Subsequent reports of the same issue will be regarded as duplicates.
Public Repository Check: Before submitting a report, participants are required to check the GitHub repository to ensure the bug has not already been reported.
Duplicate Notification: If a report is determined to be a duplicate, the reporter will be notified accordingly.
Severity and Reward Discretion:
Severity Assessment: Euler reserves the right to determine the severity of each reported bug. This assessment will be based on the potential impact, exploitability, and other relevant factors.
Reward Allocation: Rewards for valid bug reports will be determined at the discretion of Euler, based on the assessed severity and in accordance with the reward structure outlined in the program.
Final Decision: The decisions made by Euler regarding severity classification and reward allocation are final and binding.
Responsible Reporting:
Collaborative Resolution: We encourage reporters to collaborate with the Euler team in resolving the identified issue, maintaining a constructive and cooperative approach.
These guidelines are established to manage the bug bounty process effectively, ensuring fair and orderly reporting and reward distribution. Participants are urged to adhere to these principles to contribute positively to the security and integrity of the Ethereum Vault Connector.
-
For additional documentation please refer to:
-
evcbugbounty@euler.xyz
Read more about the EVC Bug Bounty Programme here.