From caca41f855fed2ba9c05b2202cae83fb6ab5fdb0 Mon Sep 17 00:00:00 2001 From: Makoto Inoue Date: Thu, 27 Oct 2016 22:29:52 +0100 Subject: [PATCH] Add README --- README.md | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 71 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8d8ac3bd4..8767c3e14 100644 --- a/README.md +++ b/README.md @@ -24,20 +24,89 @@ After that, you'll get all the library's contracts in the `contracts/zeppelin` f ```js import "./zeppelin/Rejector.sol"; -contract MetaCoin is Rejector { +contract MetaCoin is Rejector { ... } ``` > NOTE: The current distribution channel is npm, which is not ideal. [We're looking into providing a better tool for code distribution](https://github.com/OpenZeppelin/zeppelin-solidity/issues/13), and ideas are welcome. +## Add your own bounty contract + +So far you inherit Zeppelin contracts into your own contract through inheritance. +A bounty contract, however, is a special contract that is deployed on its own. +Each researcher creates a separate copy of your contract, and can claims bounty by breaking invariants logic on the copy of your contract without hacking your original contract. + +To use the bounty contract, please follow the below instruction. + +### Implement invariant logic into your smart contract + +At contracts/YourContract.sol + +``` +contract YourContract { + function checkInvariant() returns(bool){ + // Implement your logic to make sure that none of the state is broken. + } +} + +contract YourContractFactory { + function deployContract() returns (address) { + // This contract allows researchers to create a copy of your contract + return new YourContract(); + } +} +``` + +### Add the bounty contracts as well as your contracts into migrations + +At `migrations/2_deploy_contracts.js` + +``` +module.exports = function(deployer) { + deployer.deploy(YourContract); + deployer.deploy(YourContractFactory); + deployer.deploy(Bounty); +}; +``` + +### Add a reward to the bounty contract + +After deploying the contract, send rewards money into the bounty contract. + +From `truffle console` + +``` +address = 'your account address' +reward = 'reward to pay to a researcher' + +web3.eth.sendTransaction({ + from:address, + to:bounty.address, + value: web3.toWei(reward, "ether") +} + +``` + +### Researchers hack the contract and claim their reward. + +For each researcher who wants to hack the contract and claims the reward, refer to our [test](./test/Bounty.js) for the detail. + +### Ends the contract + +If you manage to protect your contract from security researchers and wants to end the bounty, kill the contract so that all the rewards go back to the owner of the bounty contract. + +``` +bounty.kill() +``` + #### Truffle Beta Support We also support Truffle Beta npm integration. If you're using Truffle Beta, the contracts in `node_modules` will be enough, so feel free to delete the copies at your `contracts` folder. If you're using Truffle Beta, you can use Zeppelin contracts like so: ```js import "zeppelin-solidity/contracts/Rejector.sol"; -contract MetaCoin is Rejector { +contract MetaCoin is Rejector { ... } ```