Up to $5000 as reward for severe exploits.
- Bounty program runs from September 18 2020 UTC 0:00 AM to October 2 2020 UTC 0:00 AM
- Latest DIN codebase can be found here
- All bugs must be submitted after the final commit
On September 18 2020, the team will start a public testnet. All community members are invited to this event, which marks the start of the bounty program. In order to participate in the bug bounty, participants must submit a bug report, formatted as shown here. Participants must make sure the report is correctly formatted and reviewed before submission. Only valid bug reports will be paid. All reports must be submitted by October 2, 2020, UTC 0:00 AM.
As a participant, you’ll need to base all of your work off the final commit we provided. Any bugs which refer to previous commits aren’t eligible for this program. Bugs provided before September 18 won’t be accepted.
Bugs need to relate to InfinityNode functionality and Metadata or LockReward mechanisms. Anything else won’t be accepted, as it doesn’t concern the scope of this programme.
We are currently aware of a testnet quirk, which doesn’t allow using expired InfinityNode IPs for new nodes. This is not an issue and relates to testnet only, therefore is excluded from the bounty.
As a participant, you are required not to disclose any type of information until the bug bounty has not ended. Disclosing information before October 2, 2020, UTC 0:00 AM will render all your reports ineligible for a reward.
No social engineering is allowed.
The OWASP risk rating methodology has been chosen to evaluate the threat a bug poses to the system’s functionality. All bounties will be paid in SIN.
Low: 100 USD
Medium: 200 USD
High: 1000 USD
Critical: 5000 USD
Please note that the entity of compensation varies based on the quality of each bug report; bug reports which contain quality comments, are example-rich and contain very detailed steps on reproduction may be paid more than the figures advertised.
On the other hand, incomplete reports, even if centered around a real issue, will not be considered.
Submission can be done by sending an email here: [email protected]
Anon submissions are welcome.
Author: Giacomo Milligan