You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Bancor V2 Bug Bounty is limited to vulnerabilities affecting the Bancor Protocol smart contracts in this repository.
The following are not within the scope of the bounty program:
Bugs in any third party contract or platform that interacts with Bancor V2
Any previously reported or known bugs
Vulnerabilities already reported and/or discovered in contracts built by third parties on Bancor V2
Rewards
The severity of bugs will be assessed under the CVSS Risk Rating.
Awards for bugs discovered July 16–30 2020:
Critical (9.0–10.0): Up to $54,000
High (7.0–8.9): Up to $14,400
Medium (4.0–6.9): Up to $4,800
Low (0.1–3.9): Up to $1,800
Awards for bugs discovered after 12:00AM GMT July 30 2020:
Critical (9.0–10.0): Up to $45,000
High (7.0–8.9): Up to $12,000
Medium (4.0–6.9): Up to $4,000
Low (0.1–3.9): Up to $1,500
Rewards will be determined based on the impact of the discovered vulnerability as well as the level of difficulty in reproducing the vulnerability.
Disclosure Requirements
Any vulnerability or bug discovered must be reported only to the following email: bugbounty@bancor.network. The bug must not be disclosed publicly or to any other person, entity or email address other than bugbounty@bancor.network.
Please include as much detail about the vulnerability as possible including:
Conditions on which reproducing the bug is contingent.
Steps needed to reproduce the bug or, preferably, a proof of concept.
Implications of the vulnerability being abused.
Any bug reporter who reports a previously unreported bug that results in a change to the code or a configuration change and who keeps the vulnerability confidential until it has been resolved by our engineers will be recognized publicly for their contribution, if agreed.
Eligibility
To be eligible for a reward in the Bancor V2 Bug Bounty, you must:
Discover a previously unreported, non-public vulnerability that would result in a loss of or a lock of any token on Bancor V2 (but not on any third party platform interacting with Bancor V2) and that is within the Scope mentioned above.
Be the first to disclose the unique vulnerability to bugbounty@bancor.network, in compliance with the Disclosure Requirements above.
Provide sufficient information to enable our engineers to reproduce and fix the vulnerability.
Not exploit the vulnerability in any way, including through making it public or by obtaining a profit (other than a reward under the Bug Bounty).
Make a good faith effort to avoid privacy violations, destruction of data, interruption or degradation of Bancor V2.
Not submit a vulnerability caused by an underlying issue that is the same as an issue on which a reward has been paid under the bounty program.
Not be one of our current or former employees, vendors, or contractors or an employee of any of those vendors or contractors.
Other Terms
All reward decisions, including eligibility for and amounts of the rewards and the manner in which such rewards will be paid, are made at our sole discretion.
The terms and conditions of the Bancor V2 Bug Bounty may be altered at any time.
The text was updated successfully, but these errors were encountered:
yudilevi
changed the title
Bancor V2 Bug Bounty
Bancor V2 Bug Bounty - Up to $54K in awards
Jul 19, 2020
Submit a report to: bugbounty@bancor.network.
Join the Bancor Developers Telegram Channel: https://t.me/bancordevelopers
TestNet deployments of the Bancor Ropsten contracts will be deployed in the coming days.
Scope
The Bancor V2 Bug Bounty is limited to vulnerabilities affecting the Bancor Protocol smart contracts in this repository.
The following are not within the scope of the bounty program:
Rewards
The severity of bugs will be assessed under the CVSS Risk Rating.
Awards for bugs discovered July 16–30 2020:
Awards for bugs discovered after 12:00AM GMT July 30 2020:
Rewards will be determined based on the impact of the discovered vulnerability as well as the level of difficulty in reproducing the vulnerability.
Disclosure Requirements
Any vulnerability or bug discovered must be reported only to the following email: bugbounty@bancor.network. The bug must not be disclosed publicly or to any other person, entity or email address other than bugbounty@bancor.network.
Please include as much detail about the vulnerability as possible including:
Any bug reporter who reports a previously unreported bug that results in a change to the code or a configuration change and who keeps the vulnerability confidential until it has been resolved by our engineers will be recognized publicly for their contribution, if agreed.
Eligibility
To be eligible for a reward in the Bancor V2 Bug Bounty, you must:
Other Terms
All reward decisions, including eligibility for and amounts of the rewards and the manner in which such rewards will be paid, are made at our sole discretion.
The terms and conditions of the Bancor V2 Bug Bounty may be altered at any time.
The text was updated successfully, but these errors were encountered: