In a previous tutorial you learned how to create a bug bounty for a simple smart contract project on Bug Buster from scratch. For the sake of simplicity, a project with no external dependencies was chosen, but real projects commonly depend on one or more external dependencies.
As you may remember, Bug Buster expects bounties to be submitted in a particular format. All the necessary files (such as source code, binaries, etc.) must be bundled as an archive file with tar and compressed with xz. The final product should be a file with the .tar.xz extension.
Therefore, you may conclude that for projects with external dependencies you should only have to include the dependencies' source code in the bundle. This logic is right, but there is a limit to the size of bundles that can be sent on-chain, which is around 95KiB, according to tests on Optimism Sepolia and Mainnet.
To keep bundles from surpassing the size limit, Bug Buster already includes commonly used artifacts in its execution environment. For smart contract projects, Bug Buster provides the OpenZeppelin smart contract library out-of-the-box. The library contains ERC interfaces and implementations, as well as other utility libraries and contracts.
In this new tutorial you will learn how to prepare a project that depends on OpenZeppelin to be submitted as a bug bounty on Bug Buster.
As we did in the first tutorial, let's create the project from scratch.
counter
script/Counter.s.sol and tests/Counter.t.sol which are created by default, but will not be used in this tutorial.
src folder called Counter, which has a state variable called number, whose value can be set by calling the function setNumber and can be incremented by 1 by calling the function increment. See the code below.
Ownable contract from OpenZeppelin to restrict the setNumber and increment functions to the contract owner. For the sake of simplicity, we will assign the contract deployer as the initial owner. Substitute the contract's code for the one below.
foundry.toml file to add the remappings config.
start.sh) file. This script will deploy the Counter contract and define the conditions to unlock the reward.
Set the execution permission for this file using the following command:
chmod +x start.sh
setup-exec-env.sh, which is the script that prepares Bug Buster's execution environment. Keep it with no modifications!
Register contract and its interface which will allow easy access to the Counter contract address.
foundry.toml file to change the remapping configuration in order to make the project use Bug Buster's built-in installation for OpenZeppelin.
tar.xz file.
0x5fd84259d66Cd46123540766Be93DFE6D43130D7.
counter-bounty.tar.xz file.
Now it's time to test if your bug bounty is running properly inside Bug Buster's execution environment!
increment function.
increment function was called by an account which is not the Counter contract owner.
Thanks for following this tutorial and learning more about Bug Buster!
If you have any comments, suggestions and/or doubts, please don't hesitate to reach out through our Telegram development community or our X account.
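The Ownable-restricted Counter described in the steps above, together with a Foundry test for the property the bounty puts at stake (only the owner may call setNumber and increment). This is an added example, not the tutorial's or Bug Buster's own code. It assumes OpenZeppelin Contracts v5.x behind an `@openzeppelin/` remapping and forge-std from the default Foundry template; `CounterOwnershipTest` and the `stranger` address are hypothetical names.

```solidity
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.20;

// Assumptions: OpenZeppelin Contracts v5.x behind an "@openzeppelin/" remapping
// and forge-std from the default Foundry template; adjust to your foundry.toml.
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Test} from "forge-std/Test.sol";

contract Counter is Ownable {
    uint256 public number;

    // The deployer becomes the initial owner, as the tutorial describes.
    constructor() Ownable(msg.sender) {}

    function setNumber(uint256 newNumber) public onlyOwner {
        number = newNumber;
    }

    function increment() public onlyOwner {
        number++;
    }
}

// Hypothetical test contract: checks that the access control actually holds.
contract CounterOwnershipTest is Test {
    Counter internal counter;
    address internal stranger = address(0xBEEF); // constructed non-owner account

    function setUp() public {
        counter = new Counter(); // this test contract is the deployer, hence the owner
    }

    function test_OwnerCanSetAndIncrement() public {
        counter.setNumber(41);
        counter.increment();
        assertEq(counter.number(), 42);
    }

    function test_NonOwnerIsRejected() public {
        vm.prank(stranger); // the next external call comes from the non-owner
        vm.expectRevert(
            abi.encodeWithSelector(Ownable.OwnableUnauthorizedAccount.selector, stranger)
        );
        counter.increment();
        assertEq(counter.number(), 0); // state is unchanged after the rejected call
    }
}
```

Saved as a `.t.sol` file in the project's test folder, `forge test` runs both checks; a failure of the second one means a non-owner can change the counter.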