Skip to content

Latest commit

 

History

History
41 lines (30 loc) · 2.77 KB

rules.md

File metadata and controls

41 lines (30 loc) · 2.77 KB
Raw

v8CTF Rules

The v8CTF is a part of the Google VRP in which we reward successful exploitation attempts against a V8 version running on our infrastructure. This program is orthogonal to the Chrome VRP, if you find a bug and exploit it, you can submit the bug to the Chrome VRP and use the exploit for the v8CTF.

In the following, we will differentiate between 0-day and n-day exploits. If the bug that led to the initial memory corruption was found by you, i.e. reported from the same email address as used in the v8CTF submission, we will consider the exploit a 0-day submission. All other exploits are considered n-day submissions.

Rules

The following rules apply to the eligibility of exploits:

  • Your exploit needs to exfiltrate the flag from our v8CTF infrastructure.
  • Only the first submission for a given bug that leads to the initial memory corruption is eligible.
  • Only the first submission per deployed V8 version in v8CTF is eligible based on the timestamp of the form submission.
    • 0-day submissions are exempt from this limit.
  • Exploits need to be reasonably fast and stable. We accept submissions with an average runtime of less than 5 minutes and at least 80% success rate.
  • Valid submissions get a reward of $10,000.

Submission Process

  1. If your exploit targets a 0-day vulnerability, make sure to report it first to the Chrome VRP.
  2. Check this sheet if there’s already a submission for the currently deployed V8 version.
  3. Exploit the bug and capture the flag from our v8CTF environment.
  4. Create a .tar.gz archive of your exploit and calculate its sha256, e.g. with sha256sum exploit.tar.gz.
    1. Please double check that the exploit doesn’t have any external dependencies.
  5. Fill out this form with the flag and the exploit sha256 sum.
    1. For 0-day submissions, please use the same email address you reported the bug from.
  6. A bug in the Google Issue Tracker will be filed on your behalf. Attach the exploit matching the sha256 sum and a short write up to the bug.
  7. Give us a few days to validate your submission.

Setup

You can find a description of our v8CTF infrastructure in the README.

Communication

We have two discord channels set up on the Capture The Flag server:

  • #v8ctf-announcements: will be used for announcements such as changes to the rules.
  • #v8ctf: is open to all. If you have any questions, please ask here.