Open
Description
The goal of this bounty is to compromise the Actor security model. Convex depends on a security model such that the only code that should be executed in the Actor's context is code deployed or permitted to be executed by the Actor itself.
Requirements:
- Must show the ability to execute arbitrary CVM code in the Actor's security context (i.e. using the
*address*of the Actor, such as transfering coins away from the Actor's Account) - May be demonstrated with any Actor deployed on the test network (you may deploy your own)
- Must not exploit a flaw in the Actor's code (e.g. creating an Actor which calls
evalon untrusted user input) - this would be considered a flaw in the Actor implementation rather than the CVM security model.