From d4bfeac17d4659492d45c1eb33777bfd025883cb Mon Sep 17 00:00:00 2001
From: Victor Suzdalev
Date: Sat, 22 May 2021 17:06:13 +0300
Subject: [PATCH 1/3] Add bug bounty note
---
 bugbounty.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 bugbounty.md
diff --git a/bugbounty.md b/bugbounty.md
new file mode 100644
index 00000000..d316ee24
--- /dev/null
+++ b/bugbounty.md
@@ -0,0 +1,11 @@
+# Bug Bounties with Immunefi
+
+## Overview
+
+This bug bounty document verifies that Lido hosts a bug bounty on Immunefi at the address [https://immunefi.com/bounty/lido/](https://immunefi.com/bounty/lido/).
+
+If you have found a vulnerability in our project, it must be submitted through [Immunefi's platform](https://immunefi.com/). Immunefi will handle bug bounty communications.
+
+See the bounty page at Immunefi for more details on accepted vulnerabilities, payout amounts, and rules of participation.
+
+Users who violate the rules of participation will not receive bug bounty payouts and may be temporarily suspended or banned from the bug bounty program.
From 8b446ddf8f782cb73b9e7422c6fde2e3c84d5fa0 Mon Sep 17 00:00:00 2001
From: x88
Date: Sun, 23 May 2021 12:21:04 +0300
Subject: [PATCH 2/3] - Added length validation for "--username" option - Moved "magic numbers" to config.go constants
---
 cmd/dc4bc_d/main.go | 10 ++++++++++
 fsm/config/config.go | 18 ++++++++++++++----
 .../requests/signature_proposal_validation.go | 19 +++++++++++--------
 3 files changed, 35 insertions(+), 12 deletions(-)
diff --git a/cmd/dc4bc_d/main.go b/cmd/dc4bc_d/main.go
index bce2e6f2..06308572 100644
--- a/cmd/dc4bc_d/main.go
+++ b/cmd/dc4bc_d/main.go
@@ -3,6 +3,7 @@ package main
 import (
 "context"
 "fmt"
+ "github.com/lidofinance/dc4bc/fsm/config"
 "log"
 "os"
 "os/signal"
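Review bot: In the import hunk of cmd/dc4bc_d/main.go the new `"github.com/lidofinance/dc4bc/fsm/config"` line sits between `"fmt"` and `"log"`, inside the standard-library group. It compiles and is alphabetically sorted, but the usual goimports layout keeps stdlib imports together and puts module imports in their own blank-line-separated group. The import block continues outside the hunk; if it already has such a group further down, the new line belongs there.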
@@ -90,6 +91,15 @@ func genKeyPairCommand() *cobra.Command { Short: "generates a keypair to sign and verify messages", RunE: func(cmd *cobra.Command, args []string) error { username := viper.GetString(flagUserName) + + if len(username) < config.UsernameMinLength { + return fmt.Errorf("\"username\" minimum length is %d", config.UsernameMinLength) + } + + if len(username) > config.UsernameMaxLength { + return fmt.Errorf("\"username\" maximum length is %d", config.UsernameMaxLength) + } + keyStoreDBDSN := viper.GetString(flagStoreDBDSN) keyPair := client.NewKeyPair() diff --git a/fsm/config/config.go b/fsm/config/config.go index 219a4f08..7713e833 100644 --- a/fsm/config/config.go +++ b/fsm/config/config.go @@ -3,8 +3,18 @@ package config import "time" const ( - ParticipantsMinCount = 2 - SignatureProposalConfirmationDeadline = time.Hour * 24 * 7 - DkgConfirmationDeadline = time.Hour * 24 * 7 - SigningConfirmationDeadline = time.Hour * 24 * 7 + // Signature proposal + UsernameMinLength = 3 + UsernameMaxLength = 15 + ParticipantPubKeyMinLength = 10 + DkgPubKeyMinLength = 10 + SignatureProposalSigningThresholdMinCount = 2 + ParticipantsMinCount = 2 + SignatureProposalConfirmationDeadline = time.Hour * 24 * 7 + + // DKG + DkgConfirmationDeadline = time.Hour * 24 * 7 + + // Signing + SigningConfirmationDeadline = time.Hour * 24 * 7 ) diff --git a/fsm/types/requests/signature_proposal_validation.go b/fsm/types/requests/signature_proposal_validation.go index ebe2702d..dfdc68e4 100644 --- a/fsm/types/requests/signature_proposal_validation.go +++ b/fsm/types/requests/signature_proposal_validation.go 
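Review bot: The new check in genKeyPairCommand bounds only `len(username)`, which is a byte count, so a whitespace-only value such as three spaces passes, and a multi-byte name reaches the limit earlier than its character count suggests. If the username is meant to be a readable identifier, trimming before the check, `username := strings.TrimSpace(viper.GetString(flagUserName))` (this needs the `strings` import if the file does not already have it), and rejecting control characters would make the rule explicit. The same two bounds are repeated in `Validate()` in signature_proposal_validation.go; one shared helper would keep the CLI and the request validation from drifting apart. The RunE body continues outside the hunk.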
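Review bot: The new exported constants in fsm/config/config.go have no doc comments and the unit of the length limits is not stated; the visible callers compare them with `len(...)`, so they are byte counts. I would add comments such as `// UsernameMinLength and UsernameMaxLength bound len(username) in bytes.` and `// ParticipantPubKeyMinLength is a lower-bound sanity check only; it does not validate the key encoding.`, with the same wording for `DkgPubKeyMinLength`. A minimum of 10 looks well below the size of an encoded public key and is presumably carried over from the old literals, so it is worth confirming against the key formats actually in use. The hunk in patch 3/3 edits `UsernameMaxLength` in this same undocumented block.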
@@ -12,8 +12,11 @@ func (r *SignatureProposalParticipantsListRequest) Validate() error { return fmt.Errorf("too few participants, minimum is {%d}", config.ParticipantsMinCount) } - if r.SigningThreshold < 2 { - return errors.New("{SigningThreshold} minimum count is {2}") + if r.SigningThreshold < config.SignatureProposalSigningThresholdMinCount { + return fmt.Errorf( + "{SigningThreshold} minimum count is {%d}", + config.SignatureProposalSigningThresholdMinCount, + ) } if r.SigningThreshold > len(r.Participants) { @@ -29,19 +32,19 @@ func (r *SignatureProposalParticipantsListRequest) Validate() error { } for _, participant := range r.Participants { - if len(participant.Username) < 3 { - return errors.New("{Username} minimum length is {3}") + if len(participant.Username) < config.UsernameMinLength { + return fmt.Errorf("{Username} minimum length is {%d}", config.UsernameMinLength) } - if len(participant.Username) > 150 { - return errors.New("{Username} maximum length is {150}") + if len(participant.Username) > config.UsernameMaxLength { + return fmt.Errorf("{Username} maximum length is {%d}", config.UsernameMaxLength) } - if len(participant.PubKey) < 10 { + if len(participant.PubKey) < config.ParticipantPubKeyMinLength { return errors.New("{PubKey} too short") } - if len(participant.DkgPubKey) < 10 { + if len(participant.DkgPubKey) < config.DkgPubKeyMinLength { return errors.New("{DkgPubKey} too short") } } From 9800c20c1e3c4c462674b574453745ad58eb8fa5 Mon Sep 17 00:00:00 2001 From: x88 Date: Sun, 23 May 2021 16:42:36 +0300 Subject: [PATCH 3/3] - Changed username max length --- fsm/config/config.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fsm/config/config.go b/fsm/config/config.go index 7713e833..ba2f1e39 100644 --- a/fsm/config/config.go +++ b/fsm/config/config.go 
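Review bot: In the second hunk of `Validate()` the `PubKey` and `DkgPubKey` checks still return the fixed messages `"{PubKey} too short"` and `"{DkgPubKey} too short"`, while the username and threshold errors now report the configured limit. For consistency, `return fmt.Errorf("{PubKey} minimum length is {%d}", config.ParticipantPubKeyMinLength)` and the `DkgPubKey` equivalent would tell the caller what was expected. Both key fields also have only a lower bound here, unlike `Username`; if the keys are decoded and size-checked later that may be enough, but nothing in this hunk shows it. The loop and the function continue outside the hunk.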
@@ -5,7 +5,7 @@ import "time"
 const (
 // Signature proposal
 UsernameMinLength = 3
- UsernameMaxLength = 15
+ UsernameMaxLength = 150
 ParticipantPubKeyMinLength = 10
 DkgPubKeyMinLength = 10
 SignatureProposalSigningThresholdMinCount = 2
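Review bot: No test accompanies this limit change in the visible patch, and the series itself shows why one is useful: patch 2/3 replaced the literal `150` in `Validate()` with a constant set to `15`, and this hunk restores the earlier value. A small table test over `Validate()` and the `--username` check, with usernames of length 2, 3, 150 and 151, would pin both boundaries so that a later edit to `UsernameMaxLength` cannot silently change what the request validation accepts.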