Messages - Customminer

1
General Discussion / Re: why not borrowing?
« on: June 11, 2019, 07:10:21 pm »
If CEX offered the ability to borrow bitCNY using BTS directly on their CEX (borrowing on BTS DEX on their behalf) perhaps you'd see more borrowers?

2
General Discussion / Re: why not borrowing?
« on: June 09, 2019, 12:56:09 pm »
I prefer the Norns over FIAT pegged bitassets. 👍

3
The quantity of Norn price feed publishers is dropping; I'd greatly appreciate price feed participation. There are peak-value buy orders in, to the tune of ~1M BTS at the moment, which would result in 2M BTS being locked up as collateral at reduced GS risk. Hoping other active witnesses take an interest soon 👍

4
HackTheDex's 2nd WP is now active!🎉

5
Bump! Still seeking active price feed publishers for the Norns

6
Can you make sure to film the speakers? Thanks

7
Stakeholder Proposals / Re: [Worker] Integration of BTS with Wirex
« on: May 10, 2019, 02:41:31 pm »
If we go ahead with this WP, will subsequent integrations (bitUSD, bitEUR, ..) cost just as much? Or do you think we can get a discount? Got my card in the mail 👌

8
Stakeholder Proposals / Re: [Witness proposal] zbbtsbp
« on: May 06, 2019, 05:52:30 pm »
What assets will you provide price feeds for?

9
Stakeholder Proposals / Re: [Worker] Integration of BTS with Wirex
« on: May 06, 2019, 05:50:14 pm »
Just verified and ordered my Wirex card; ordering anything online with a debit card & a crypto balance is pretty cool.

10
Looks good, how much funding would your worker proposal require?

11
Can I request some changes to the WP doc?

Quote
Several critical reports have been submitted and fixed through HackTheDex, proof for its value and necessity.

In terms of OWASP vulnerability ratings, HTD auditors have not yet rated any publicly disclosed vulnerabilities as critical, so this is an inaccurate claim to make.

Quote
The proposal will use allocated funds to reward those that step forward with exploits, relative to the overall risk assessment of the exploit.

Do you want vulnerability disclosure reports, or are you requesting the full development of weaponized exploits?

By the OWASP rating guide, two vulnerability factors (https://www.owasp.org/index.php/OWASP_Risk_Rating_Methodology#Vulnerability_Factors) incentivize the creation of automated Metasploit modules.

Quote
How the vulnerability is scored, and the methods used to determine the score, are at the sole discretion of the panel chosen to audit the report

Since you're using the OWASP vulnerability rating system, there shouldn't be undisclosed deviation from this scoring mechanism. I get not disclosing details before they're mitigated, but this comes off as a clause to avoid reporters successfully contesting low vulnerability ratings.

---

A couple issues I had with the previous HTD worker proposal:

  • The turnaround time from submitting a report to receiving the reward is multiple months. It's discouraging to wait months with an unknown payout status; if there were a faster turnaround time, researchers would be more confident in dedicating time towards HTD.
  • Reports which aren't vulnerabilities don't get responses, & you can't check on the progress of any submitted reports without manual Telegram/email communications every couple of weeks. Rejection emails would be great.
  • There has been no news update since late July 2018, nor changes to the website aside from populated reports/leaderboard/receipts. The organizer of the first HTD WP left the role & this role was filled by another community member without a blog update. What happened to Matt?
  • One of my submissions broke the submission form, resulting in a partial report submission. Bug report for your bug report.
  • Final scores for vulnerabilities are not disclosed, only the grade category for Likelihood, Impact & Severity. This further distances the researcher from contesting low rewards. A simple final_owasp_rating:reward calculation would make researchers' reward expectations more realistic months before final payout. The full disclosure of vulnerability details (incl. final score) is an industry standard practiced by nvd.nist.gov, cvedetails.com and vuldb.com (etc.) which HTD ought to replicate so as to be more transparent.
  • It's the researcher's responsibility to report the vulnerability to NIST/cvedetails/vuldb; HTD should take the initiative to boast about solved vulnerabilities to potentially attract veteran security researchers (and potentially devs/investors). Bitcoin has vulnerability reports on these websites.
  • Report 20180918A (reflected XSS vuln) has a High impact, whereas 20180728A (stored XSS vuln) and 20180801A (stored XSS vuln) have Medium impacts. Regardless of how they trigger (stored/reflected), the end result is identical (XSS attack). I believe that 20180728A and 20180801A ought to have been ranked higher & rewarded more.

---

I love the HTD WP concept & don't hold any malice against anyone nor intend to grief/troll, I wish to simply improve the HTD process. I'll be voting to support this WP and hope that the above information helps.

Cheers.

12
General Discussion / Re: Developing a bitAsset research program
« on: April 30, 2019, 08:01:23 pm »
Will 'privatized' MPA (non-committee-owned smartcoins) be in scope? Or just normal FIAT-pegged MPA?

You're talking about ones like HERO and HERTZ? Insofar as they're governed by the same mechanisms that govern the committee-managed smartcoins, this project will talk about the private MPAs as well.

Yeah I meant HERO & HERTZ, but also the Norns: https://github.com/BTS-CM/Norns
http://cryptofresh.com/a/URTHR
https://cryptofresh.com/a/SKULD
https://cryptofresh.com/a/VERTHANDI

I think there's great room for innovation with algorithm-based assets on the BitShares platform.

There's also the idea of using multiple assets as backing collateral for a single MPA: https://github.com/bitshares/bsips/issues/100

13
General Discussion / Re: vote witness: ioex, Get dividends
« on: April 29, 2019, 12:21:40 am »
Which MPA are you planning on publishing price feeds for?

14
General Discussion / Re: Developing a bitAsset research program
« on: April 29, 2019, 12:08:01 am »
Will 'privatized' MPA (non-committee-owned smartcoins) be in scope? Or just normal FIAT-pegged MPA?

15
A witness is not a staking supernode.

Let it be it

Why? Witnesses already get paid for their role.