Weekly overview of the bug-hunting category, week 52, 2018

This is a report on the weekly contributions to the bug hunting category. The post contains basic stats like the number of contributions received by the category, an excerpt on new contributors if there are any and a detailed comparison of the week's output with previous weeks.


Previous Reports

Bug hunting contributions summary

The contributions

Contributor | Report | Project | Score
@tobias-g | [1Ramp Alpha Web App] - Titles over 256 characters prevent post submission | 1ramp | 80
@fuzz-ai | Steemd 0.20.6 bug - memory exhaustion when parsing malicious hello_message | steemit/steem | 100
@blockchainstudio | busy feed/blog/replies/follow bugs due to API no longer supported | busy.org | 68
@mightypanda | Busy is showing only one post repeatedly in feed and discussions | busy.org | 60
@razu788 | Recent Post are not showing in busy.org | busy.org | 0
@harry-heightz | Unable to login to Knacksteem from landing page. | knacksteem | 70
@sourovafrin | [Busy] [Version: 2.5.6] Showing a post multiple time on feed and weird behaviour while scrolling on feed and post | busy.org | 0
@mightypanda | Deleting post removes the post before actual delete is performed | 1ramp | 40
@blockchainstudio | [Bug Fix - Merged and Live!] Finally, Busy can edit posts older than 7 days! | busy.org | 77
@curtwriter | App stops and exits when I try to key in Hashtags | steepshot | 0

This week had the most contributions of any week since the weekly overviews began: 10 reports, twice last week's count. There were 4 new contributors, twice the total number of new bug hunters we had over the previous 4 weeks combined.

Also, for the first time in a long while, we had a staff pick. @fuzz-ai observed in his testing that:

A carefully crafted hello_message can cause steemd to attempt allocating all available memory, causing it to crash.

To exploit the bug, a malicious witness connects to a steemd instance over the network (using the peer-to-peer protocol) and participates in the encryption handshake. When sending the normal hello_message, it populates the variant_object field with an ill-formed variant object.

A fuller writeup on the bug and how it was found can be read at @fuzz-ai/a-memory-exhaustion-attack-against-the-steem-blockchain
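The shape of that failure, as an added example that is not steemd's or fc's code and does not use the real variant_object wire format (the post does not show it): a length-prefixed object decoder where the field count arrives from the peer. Sizing a container from that count before checking it against the bytes actually received is the memory-exhaustion pattern; the decoder below rejects an impossible count before any allocation. The encoding, the field names and the hostile message are all constructed for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// Constructed wire format for this example only (NOT fc::variant_object):
//   u32 little-endian field count, then per field:
//   u8 key length, key bytes, u8 value length, value bytes.
struct Field {
    std::string key;
    std::string value;
};

struct DecodeResult {
    bool ok = false;
    std::string error;
    std::vector<Field> fields;
};

static bool read_u8(const std::vector<uint8_t>& buf, size_t& pos, uint8_t& out) {
    if (pos >= buf.size()) return false;
    out = buf[pos++];
    return true;
}

static bool read_u32_le(const std::vector<uint8_t>& buf, size_t& pos, uint32_t& out) {
    if (buf.size() - pos < 4) return false;
    out = uint32_t(buf[pos]) | (uint32_t(buf[pos + 1]) << 8) |
          (uint32_t(buf[pos + 2]) << 16) | (uint32_t(buf[pos + 3]) << 24);
    pos += 4;
    return true;
}

// Reads a u8-length-prefixed string; fails if the declared length overruns the buffer.
static bool read_str(const std::vector<uint8_t>& buf, size_t& pos, std::string& out) {
    uint8_t len = 0;
    if (!read_u8(buf, pos, len)) return false;
    if (buf.size() - pos < len) return false;
    out.assign(buf.begin() + pos, buf.begin() + pos + len);
    pos += len;
    return true;
}

// Decodes one object. The field count is attacker-controlled, so it is checked
// against what the payload could physically hold before any allocation is sized from it.
DecodeResult decode_object(const std::vector<uint8_t>& buf) {
    DecodeResult r;
    size_t pos = 0;
    uint32_t count = 0;
    if (!read_u32_le(buf, pos, count)) { r.error = "truncated header"; return r; }

    // Every field costs at least two bytes (its two length prefixes), so a count
    // above remaining/2 cannot be honest. A decoder that instead called
    // r.fields.reserve(count) unconditionally would, for a count of 0xFFFFFFFF,
    // try to reserve ~4 billion Field objects and die on the allocation.
    const size_t min_field_bytes = 2;
    if (count > (buf.size() - pos) / min_field_bytes) {
        r.error = "field count exceeds payload";
        return r;
    }
    r.fields.reserve(count);  // now bounded by the bytes actually received

    for (uint32_t i = 0; i < count; ++i) {
        Field f;
        if (!read_str(buf, pos, f.key) || !read_str(buf, pos, f.value)) {
            r.error = "truncated field";
            return r;
        }
        r.fields.push_back(std::move(f));
    }
    if (pos != buf.size()) { r.error = "trailing bytes"; return r; }
    r.ok = true;
    return r;
}

// Encoder used to build honest messages for the demonstration.
std::vector<uint8_t> encode_object(const std::vector<Field>& fields) {
    std::vector<uint8_t> out;
    uint32_t n = uint32_t(fields.size());
    for (int i = 0; i < 4; ++i) out.push_back(uint8_t(n >> (8 * i)));
    for (const Field& f : fields) {
        out.push_back(uint8_t(f.key.size()));
        out.insert(out.end(), f.key.begin(), f.key.end());
        out.push_back(uint8_t(f.value.size()));
        out.insert(out.end(), f.value.begin(), f.value.end());
    }
    return out;
}

// Constructed hostile message: a count of 0xFFFFFFFF followed by six bytes of body.
std::vector<uint8_t> crafted_message() {
    return {0xFF, 0xFF, 0xFF, 0xFF, 0x01, 'a', 0x01, '1', 0x00, 0x00};
}

int main() {
    DecodeResult good = decode_object(encode_object({{"user", "alice"}, {"ver", "0.20.6"}}));
    DecodeResult bad = decode_object(crafted_message());
    std::printf("honest message: ok=%d fields=%zu\n", int(good.ok), good.fields.size());
    std::printf("crafted message: ok=%d error=%s\n", int(bad.ok), bad.error.c_str());
    return 0;
}
```

The check is deliberately structural rather than a fixed cap: a count is rejected when the bytes on the wire could not contain that many fields, which holds whatever the message size limit happens to be.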

With the staff pick included, 7 reports were scored higher than 0. @sourovafrin's and @razu788's reports were scored zero for being duplicates of an existing issue. @curtwriter's report was submitted to a project outside the whitelist, hence the score of zero.

Weekly Average Score and number of Contributions


The average score of the rewarded reports, 70.71, is 9.42 points (about 15%) higher than the 11-week average of 61.29, and 8.21 points higher than last week's average of 62.5.

Hunter Totals and Average


This week we had 4 new contributors - @fuzz-ai, @harry-heightz, @curtwriter, @razu788.

@mightypanda and @blockchainstudio submitted two reports each. @mightypanda is the top contributor overall with 6 finds.

7 contributors have an average reward score of 61.29 or above, over the past 11 weeks.

Reports Reviewed By Reviewer


The 35 contributions received by the category in the past 10 weeks were assessed by 4 reviewers. 26 of the reports were rewarded and scored higher than 0.

  • @sachincool has now reviewed 2 contributions with an average score of 40.
  • @fego has reviewed 21 contributions with an average score of 62.41.
  • @tobias-g has reviewed 10 contributions with an average score of 56.5.
  • @crokkon has reviewed 2 contributions with an average score of 85.

Other items

In the absence of other news, the category, with the help of espoem, is looking forward to implementing new guidelines to replace the existing whitelist. They will let contributors submit bug reports for projects outside the Steem ecosystem and outside the current whitelist.

Until the new guidelines are in place, bug hunters and open source enthusiasts looking to help open source projects should consult our whitelist of projects that accept bug reports:

https://docs.google.com/spreadsheets/d/1S7ayFTEy5CBMyeJvFRgq5JUjlqZxFjWAWhhrBL0GC60/edit#gid=1954068373


If you wish to have your open source project added to our whitelist, contact us in the help channel of our Discord server. You can also leave your questions and comments below :)


Thanks

@fego
