Responsible Disclosure – Hive-Engine Exploit

in #hive-engine5 months ago (edited)

Recent Contributions to Hive-Engine Security and Development

Together with Endecs, we have recently contributed in two distinct and significant ways to the Hive-Engine ecosystem:

a. Security Vulnerability Discovery and Responsible Disclosure
We discovered a critical exploit within Hive-Engine that, if abused, could have caused severe damage to the platform. Rather than using the exploit for personal gain, we acted responsibly by immediately reporting the issue to Cryptomancer and Eon.

Alongside the disclosure, we provided:

  • A detailed technical analysis of the vulnerability

  • Suggested hotfixes to immediately mitigate the risk

  • Long-term strategies to prevent similar issues in the future

As agreed with the Hive-Engine team, we are not disclosing the technical details publicly at this time. Further information can be shared privately with authorized parties if necessary.

b. Pull Request: Performance and Feature Enhancements
In addition to our security work, we also submitted a pull request with key improvements to the Hive-Engine smart contracts:

🔗 MarketContract Updates – Pull Request #91

Highlights:

  • New Table: market_openOrders — dynamically populated

  • Market Orders Limit: Capped at 200 (buy/sell only)

  • Fetched Orders Limit: Reduced from 1000 to 25 to improve performance (with dynamic pagination if more are needed)

  • Smart Contract Enhancements:

  • Added count to avoid fetching entire datasets just to get document counts

  • $inc support for efficient value increments

  • Testing: Extended test coverage to validate all changes

Compensation Request

Given the severity of the exploit and the quality of our contributions, we are respectfully requesting a bounty of 240 BEE tokens per day for six months (split evenly between Bamlolx and Endecs).

We believe that:

We believe the exploit alone represents a value significantly higher than the compensation we are requesting.

Our technical contributions provide tangible improvements to performance and contract functionality

We are proud to support the long-term health and security of Hive-Engine and hope our efforts are recognized accordingly.

With respect,
Bamlolx & Endecs

#proposal
5 months ago in #hive-engine by
$0.28
  • Past Payouts $0.28
  • - Author $0.14
  • - Curators $0.14
38 votes
Reply 1
Sort:  
  • Trending
    • [-]
     5 months ago  

    Congratulations @bamlolxendecs! You have completed the following achievement on the Hive blockchain And have been rewarded with New badge(s)

    You received more than 10 upvotes.
    Your next target is to reach 50 upvotes.

    You can view your badges on your board and compare yourself to others in the Ranking
    If you no longer want to receive notifications, reply to this comment with the word STOP

    Check out our last posts:

    Our Hive Power Delegations to the April PUM Winners
    Feedback from the May Hive Power Up Day
    Hive Power Up Month Challenge - April 2025 Winners List
    $0.00
      Reply