Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System V2.2 v2. This is a simplified 5-level scale, with separate scales for each category, encompassing everything from consequence of exploitation to privilege required to likelihood of a successful exploit. If there is any discrepancy with the classification in the Impacts in Scope section, the classification in the Impacts in Scope section will hold true.

All critical bug reports must come with a PoC with an end-effect impacting an asset-in-scope in order to be considered for a reward. Explanations and statements are not accepted as PoC and code is required.

All critical bug reports with direct financial impact are further capped at 10% of economic damage, which primarily takes into consideration the funds at risk while also having some PR and branding considerations, though at the discretion of the team. However, there is a minimum reward of USD 50 000.

This bug bounty program is only open to individuals outside the OFAC restricted countries. Bug bounty hunters will be required to provide evidence that they are not a resident or citizen of these countries. If the individual is a US person, tax information will be required, such as a W-9, in order to properly issue a 1099.

Vulnerabilities and their impacts mentioned in the following audit reports are ineligible for a reward:

Payouts are handled by the Stacks Foundation team directly and are denominated in USD. However, payments can be made in USD (including USDT and USDC), STX (USD equivalent) or BTC (USD equivalent) at the discretion of Stacks Foundation.

The following vulnerabilities are excluded from the rewards for this bug bounty program:

- Attacks that the reporter has already exploited themselves, leading to damage.
- Attacks requiring access to leaked keys/credentials.
- Attacks requiring access to privileged addresses (governance, strategist).
- Attacks that depend on a remote bitcoin node over an untrusted network.
- Attacks requiring the use of a bitcoin miner.
- Attacks that require a bitcoin miner to cooperate with any attack.
- Any attack using a vendored dependency is limited to at most a Low impact (GitHub issue or PR is preferred in this case).
- Any attack using a publicly known GitHub issue or PR (including vendored dependencies - see above).
- Incorrect data supplied by third party oracles.
  - Not to exclude oracle manipulation/flash loan attacks.
- Basic economic governance attacks (e.g.

The following activities are prohibited by this bug bounty program:

- Any testing with mainnet or public testnet contracts; all testing should be done on private testnets or mocknet.
- Any testing with pricing oracles or third party smart contracts
- Attempting phishing or other social engineering attacks against our employees and/or customers.
- Any testing with third party systems and applications (e.g. browser extensions) as well as websites (e.g.