Aptos Petra Wallet x Immunefi Bug Bounty Program
Add to Watchlist
Added to Watchlist
Reward pool
Not set
USDC, USDT
Expected profit
up to $100,000
up to 100,000 USDC/USDT
Max participants
∞
No limit
DropsEarn score
Neutral
Normal, Low Risks
Details
Aptos is building a safe, upgradeable and production-ready Layer 1 blockchain. Founded by a highly-accomplished team of creators, researchers, designers, and builders, Aptos Labs is committed to delivering universal and fair access to decentralization for billions of people. Aptos’ breakthrough Layer 1 technology and programming language, Move, are designed to evolve, improve reliability and performance and strengthen security. This is achieved through novel innovations across consensus, smart contract design, system security, performance, and decentralization - making it dramatically easier for developers to build scalable and user-friendly applications.
Rewards by Threat Level
Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System V2.2. This is a simplified 5-level scale, with separate scales for websites/apps, smart contracts, and blockchains/DLTs, focusing on the impact of the vulnerability reported. This scale encompasses all the aspects of a bug, from the consequence of a successful exploit to the level of access required to exploit it, to the probability that an exploitation attempt will be successful.
Critical vulnerabilities: up to the max bounty amount specified below under Aptos discretion.
All rewards are decided on a case-by-case basis by Aptos, taking into account the exploitability of the bug, the impact it causes, and the likelihood of the vulnerability presenting itself if it is nondeterministic or some of the conditions are not present at the time.
All web/app bug reports must come with a PoC with an end-effect impacting an asset-in-scope in order to be considered for a reward. Explanations and statements are not accepted as PoCs and code is required.
Note: Aptos has a second bug bounty program, which can be found here.
Criteria for determining report validity is the satisfaction of a critical impact. In cases where multiple bugs across Aptos assets are required to create a single critical impact, these bugs will be treated as a single report for determining rewards.
Furthermore, reports are treated as unified across Aptos programs; a bug report rewarded in one program is disqualified from further rewards on other Aptos programs that might exist on Immunefi. This does not apply to separate particular bug reports, which can qualify for new rewards on other Aptos programs if a separate impact is demonstrated.
KYC Requirements
This bug bounty program is only open to individuals outside the OFAC restricted countries. Bug bounty hunters will be required to provide evidence that they are not a resident or citizen of these countries in case the submission is eligible for a reward. If the individual is a US person, tax information will be required, such as a W-9, in order to properly issue a 1099. Aptos requires KYC to be done for all bug bounty hunters submitting a report and wanting a reward. Form W-9 or Form W-8 is required for tax purposes. All bug bounty hunters are required to use Persona for KYC, via their community platform (aptoslabs.com). The collection of this information will be done by the Aptos project team.
Payouts are handled by the Aptos team directly and are denominated in United States Dollars (USD). However, payouts are done in USDC and USDT, with the choice of the ratio at the discretion of Aptos’s team.
Links
About
Aptos Petra Wallet has launched their bug bounty on Immunefi. Aptos is building a safe, crypto wallet that encrypts your keys and allows you to store, collect, and trade coins. Find bugs and earn up to $100,000.
26 Sep 2022 19:41(UTC+3) - 22 Nov 2022 01:24(UTC+3)
Closed
None