Smart Contract Transaction Failure 🔥

Wallet & Transactions
🔥 Critical Severity
💰 $50 - $100

Bug Description

CRITICAL SECURITY ISSUE

Financial transaction failures with direct monetary impact

Vulnerability Categories
Transaction States
  • Stuck/pending blockchain transactions
  • Incorrect balance reconciliation
  • Failed deposits/withdrawals
Security Flaws
  • Double-spend vulnerabilities
  • Reentrancy attacks
  • Authorization bypasses

Eligibility Criteria

Testing Protocol: Use testnet only. Never test with mainnet funds exceeding $10 USD equivalent.
Mandatory Requirements:
  1. Transaction hash from blockchain explorer required
  2. Proof that the failure is not caused by network congestion (gas tracking)
  3. Clear demonstration of fund loss/risk
  4. Verifiable contract address and method

Submission Requirements

Detailed Description

Provide a comprehensive description of the bug, including what it does, who is affected, and when it occurs.

Reproduction Steps

Step-by-step instructions to reproduce the bug. Number each step clearly.

Expected vs Actual

Clearly state what should happen vs what actually happens due to the bug.

Evidence Required

Must include supporting evidence as specified below.

Required Evidence

The following types of evidence must be included in your submission:

  • Transaction hash
  • Before/after screenshots
  • Contract address
  • Video recording

Submission Template

Critical Issue Report Requirements:
Mandatory Report Components:
  • Contract Address: Full smart contract address where vulnerability exists
  • Transaction Hash: Blockchain transaction ID demonstrating the issue
  • Vulnerability Type: Classification (Reentrancy, Integer Overflow, Access Control, Logic Error)
  • Impact Assessment: Detailed analysis of potential financial loss and risk scope
  • Proof of Concept: Step-by-step reproduction instructions with code examples if applicable
Example Security Report Format:

Vulnerability: Reentrancy attack in withdraw() function

Contract: 0x742d35Cc6634C0532925a3b844Bc9e2e0C0f6A1d

TX Hash: 0x8d5c7c8a9b4c2d3e1f6a5b4c3d2e1f8a7b6c5d4e3f2a1b8c7d6e5f4a3b2c1d0e9f

Impact: Allows malicious contract to drain funds before balance update

POC:
  1. Deploy malicious contract
  2. Call vulnerable function
  3. Observe repeated withdrawals


Processing Timeline

  • Within 24 hours: Initial review and acknowledgment of your report
  • 3-5 days: Detailed assessment by security team
  • 7-14 days: Resolution and reward processing