Up to $5000 as reward for severe exploits.

Summary

  • Bounty program runs from September 18 2020 UTC 0:00 AM to October 2 2020 UTC 0:00 AM
  • Latest DIN codebase can be found here
  • All bugs must be submitted after the final commit

Detailed timeframe

On September 18 2020, the team will start a public testnet. All community members are invited to this event, which marks the start of the bounty program. In order to participate in the bug bounty, participants must submit a bug report, formatted as shown here. Participants must make sure the report is correctly formatted and reviewed before submission. Only valid bug reports will be paid. All reports must be submitted by October 2, 2020, UTC 0:00 AM.

Detailed bounty

As a participant, you’ll need to base all of your work off the final commit we provided. Any bugs which refer to previous commits aren’t eligible for this program. Bugs provided before September 18 won’t be accepted.

Bugs need to relate to InfinityNode functionality and Metadata or LockReward mechanisms. Anything else won’t be accepted, as it doesn’t concern the scope of this programme.

We are currently aware of a testnet quirk, which doesn’t allow using expired InfinityNode IPs for new nodes. This is not an issue and relates to testnet only, therefore is excluded from the bounty.

blank

Extra Rules

As a participant, you are required not to disclose any type of information until the bug bounty has not ended. Disclosing information before October 2, 2020, UTC 0:00 AM will render all your reports ineligible for a reward.

No social engineering is allowed.

Compensation

The OWASP risk rating methodology has been chosen to evaluate the threat a bug poses to the system’s functionality. All bounties will be paid in SIN.

blank

Low: 100 USD

Medium: 200 USD

High: 1000 USD

Critical: 5000 USD

Please note that the entity of compensation varies based on the quality of each bug report; bug reports which contain quality comments, are example-rich and contain very detailed steps on reproduction may be paid more than the figures advertised.
On the other hand, incomplete reports, even if centered around a real issue, will not be considered.

Submission

Submission can be done by sending an email here: [email protected]

Anon submissions are welcome.

Stay tuned for further developments as and when they happen via our discord and telegram channels. Thank you for your brilliant support.

Website Discord . Telegram . Bitcointalk . Twitter . Facebook .Linkedin. Team.YouTube.Reddit.Instagram.

Author: Giacomo Milligan

blank