Fishbank is running a bug bounty program indefinitely to reward community members for discovering and reporting bugs. The scope of the bounty is limited only to smart contract code included in this repo.
Period: 5 March 2018 – 15 March 2018
Rewards: up to 2.5 ETH
Rewards are paid in Ether cryptocurrency transferred to Ethereum address or in Fishbank game assets from the preorder pricelist with 25% discount.
Please investigate and report bugs in a way that makes a reasonable, good faith effort not to be disruptive or harmful to us or others.
• is the part of this bounty program.
• Reports are accepted via GitHub issues submitted to this repo.
• Public disclosure of a vulnerability makes it ineligible for a bounty.
• Issues that have already been submitted by another user or are already known to the Fishbank team are not eligible for bounty rewards.
• Anyone who works with the Fishbank codebase development team, employees and all other people paid by the are not eligible for rewards.
• Fishbank website and Personal Cabinet are NOT part of the bugs bounty program.
Please be clear in describing the vulnerability (detailed descriptions , code scripts and screenshots). In order to receive higher points please suggest on how we can fix the reported issue.
The value of rewards paid out will vary depending on Severity. The severity is calculated according to the OWASP risk rating model based on Impact and Likelihood:
Fishbank Bugs Bounty program considers a number of variables in determining rewards.
Reward sizes are guided by the list below:
• Critical: up to 2000 points
• High: 500-1000 points
• Medium: 100-500 points
• Low: 50-100 points
• Note: 10-50 points
Reward’s 1 point currently corresponds to 1 USD (payable in ETH), that may change without prior notice. Reward may be paid out in game assets with 25% discount on the current preorder price as listed in https://fishbank.io/docs/Fishbank-Agreement-Exhibit-A.pdf
Determinations of eligibility, score and all terms related to an award are at the sole and final discretion of the Fishbank team.
Examples of impacts:
• Mint a new fish token without catching, set specific parameters for minted fish token, steal a fish token from someone, change parameters of minted fish, block actions for all users.
• Break fighting rules, lock a fish token someone else owns, change catching prices.
• Create price or commission errors in smart contracts, cancel user’s actions, block a user.
Bug report is recommended to include:
• Impact: The result of the vulnerability and what or who can be affected
• Description: A brief description of the vulnerability
• Scenario and Reproduction: A description of the requirements for the vulnerability to happen. Please provide us with the exact steps on how to reproduce this vulnerability (specific tx hashes or accounts used)
• Fix: If applies, your solution on how to fix this
Please report creating a new issue with the title starting as "REPORT". If you have questions please create a new issue with the title starting as "QUESTION".
The bug bounty program is an experimental and discretionary rewards program for active Fishbank community to encourage and reward those who are helping to improve the platform. It is not a competition. You should know that we can cancel the program at any time, and awards are at the sole discretion of Fishbank team. You are responsible for all taxes. All awards are subject to applicable law.
Official Website: https://fishbank.io
Telegram Group: https://t.me/fishbank_en
Telegram News: https://t.me/fishbank