NEM Wallet Beta 2.4.2 - Bug bounty paid in XEM



  1. Go To Create Pool
  2. Change size of msg field



1.Go To Create Pool

AR: Able to create Vote without any Options
ER: Some validation error/warning



1.Go To Create Pool
2. Fill incorrect Calendar Date

E.R error/warning/restriction
A.R. Vote pool was successfully created

Date: 2017-06-31T14:57:00 --> June has 30days, The same for the rest of months and 28-29 of February.


Nanowallet Date/time validation syncs with computer Date/Time, which could be incorrect.
Need to add validation on some independent Date/Time place


Bug 10.

1.Go To Create Pool
2. Fill Calendar DateDate of ending: 06/30/2017 at 01:00AM for example

Its 06/30/2017 at 01:01AM now. System doesn’t allow me to vote.

  1. Change Date/Time on your computer (06/30/2017 at 00:55 AM) and you can Vote



1.Create pool with Date of ending +5min from current time
2. Go to your pool, select it and wait until your Date of ending passed.

E.R: you can’t vote
AR: You can vote

Need to add some Refresh section action at Date of ending time



1 Able to create vote with the duplicate options/empty–> Need to add some validation for it

  1. Able to create vote with the duplicate options/empty WhiteList Type --> Need to add some validation for it
  2. User able to vote many times until TX in unconfirmed status and refresh section



  1. Create pool with 20 Options and click Create

ER. Pool will be created
AR. Dead browser session



1 Create Pool with more that 10 Options
2. Go to your create pool --> Result tab

EX. See some data
AR I see load screen



  1. Able to input incorrect data in Date of Ending like 2017-55-55T14:57:00
  2. Pool will be created with another Date of ending: 08/24/2021 at 2:57PM

Please check test13 pool in TestNetwork


Hi @GetCOINtoday, thanks for all the messages. I’m going to try to address all of them here:

bug1-> This is weird, what the module does is check if there is a transaction from your address to any of the option addresses. Can you send me some more information? Does it happen with all the polls? What’s your address and what’s the poll address?

bug2-> Keeping the poll on the right may be confusing yes. I will take this into account and change it.

bug3-> Again what address does this happen on? Any poll?

bug4-> A refresh button for polls is a good idea, I will add it.

bug5-> The calendar field is an issue of compatibility. On chrome you will see a calendar and user friendly way to input date and time. But it’s an html5 element not yes supported by all browsers. datetime element. If you know of a better way of inputting datetime that’s supported by all browsers please let me know. AS of now if you are on a browser that doesn’t support it you have to input the datetime as a string

bug6-> I will look into that

bug7-> I will add a check for polls without options, I agree there is no reason anybody would do that

bug8-> Inputting datetime is such a headache. I will try to fix this.

bug9-> The system time could maybe be validated, but I don’t think it’s really necessary, it should be a responsibility of the user. The user system time can not affect the results of polls or create any serious problem to the system. I will keep this in mind though as a possible feature.

bug10-> So, hw the system works is for every option on a poll an address is created, and sending a vote is just an empty transaction to that address. If you change the system time and send a vote it is just equivalent to sending an empty transaction manually to an option address from an ended poll. This doesn’t affect the results. When counting the votes of an ended poll only the transactions included on a block previous to the ending will count, and in counting only the poll doe matters, not the system time. So you can cheat the system, but it’s just a client cheat, it won’t affect the result and it’s equivalent to manually sending a transaction, since all addresses are public.

bug11-> Again, this vote wouldn’t matter on counting. But I will look into this one so to not confuse the users. Also, one should take into account that if you vote very close to the poll ending the vote may not be included in a block, since there is a time for confirmation. So even though the transaction was broadcasted before the ending it was confirmed after. There is no way I know of to fix this since the creation timestamp can be forged, but the confirmation block no.




About what you said that the results should be hidden for unended polls, this polls are created on the blockchain, so all the information is public. If we decided to hide it, people would be able to see it anyway on the block explorer or even create their fork of nanowallet that allows them to.

bug12/13-> Will look into that.

bug14-> Related to bug 8, I will test this and try to guess how the timestamps are generated


About bug 12. I tried it. At about 21 options you will exceed the 1024 byte limit for a message, but I was able to create a poll with 20 options. What browser are you using?
It took very long for the poll to be created since an account (private key) need to be generated for every option, and it is a pretty cost intensive task. If you open the console you can see the process. Do you see anything weird? Maybe the browser thinks the script is unresponsive because it is taking too long?
About bug 13. I am able to see both a poll you created with 10 options and one I just created with 20. Does the browser console say anything?


Bug 15

Created TestDouble in TestNetwork
Voted: Yes, No, Yes, No and have 4 Unconfirmed txs.
Wait for confirmation, go to your pool and check Resutls

ER: Any results

votes: 0
weighted score*: 0.0000e+0
percentage: 0.00
votes: 0
weighted score*: 0.0000e+0
percentage: 0.00


you voted with the same account? This is expected that poll is not multiple option. So if you vote on more than one those votes are ignored


Mozilla browser


Yes, the same, but i don’t any results at all


That is because those votes are invalidated, so they don’t count. It is like if nobody voted.


I think I fixed bug 1.
Can you build from source?
It would be helpful, since I haven’t been able to reproduce it myself.


bug 16

  1. go to New Pool
  2. Create new pool with White List type
  3. Remove all rows from white list and click Create

EX. Warning/error
AR. Successfully submit txs, but Pool was not created.