We are excited to officially announce the CertiK Chain DeepWallet and Explorer Bug Bounty Program! Bug bounty rewards are determined by severity according to CVSS, the Common Vulnerability Scoring System. All final reward decisions will be determined by the CertiK Foundation.
This bug bounty is limited to the DeepWallet and Explorer. In order to process bugs, please adhere to the following submission guidelines.
Bug bounty rewards are based on severity per CVSS (the Common Vulnerability Scoring System).
For all UI and UX bugs, please submit bugs and issues in the Explorer and Wallet category via the CertiK Chain Forum.
For all security vulnerabilities, email the content privately at chain+security@certik.org following the bug report template.
In about one (1) business day, the CertiK Chain team will confirm the threat intelligence per bug ticket. Our security engineers will follow up, evaluate the problem, and feed the intelligence back to the reporter with an 'Under Review' status.
In about four (4) business days, the CertiK Chain team will address the issue, draw conclusions, and record points with a 'Confirmed' or 'Ignored' status. Our security engineers will communicate with the reporter and ask for assistance if necessary.
The CertiK Chain team will then address the threat intelligence and update the status with 'Fixed' or 'Repaired.' The repair timeframe depends on the severity and difficulty of the problem, assessed on a case-by-case basis.
Report Bug Template
When reporting a bug, please ensure all elements are included. The following components will help the CertiK Chain team classify all vulnerabilities quickly and seamlessly.
| Elements | Description |
| --- | --- |
| ID/name | Keep it brief and use the correct terms. A best practice is to include the name of the feature where you found an issue. A good example could be 'CART - Unable to add a new item to my cart'. |
| Description/Summary | Explain the bug in a few words, and share it in easy-to-understand language. Keep in mind that your description might be used to search your bug tracking application. |
| Environment | Depending on your browser, operating system, zoom level and screen size, websites may behave differently from one environment to another. |
| Source URL | Make it easy for developers to spot the problem by including the URL of the page where you found the bug. |
| Visual Proof | A visual element, like a screenshot or a video, will help the team understand the problem better and faster. |
| Steps to reproduce | Make sure to describe, with as much detail as possible, the steps you took before you encountered the bug. |
| Expected vs. actual results | Explain the results you expected by being as specific as possible. Just saying "the app doesn’t work as expected" is not useful. It's also helpful to describe what was experienced. |
| Optional | You can also include extra information such as the severity (critical, major, minor, trivial, enhancement), or priority (high, medium, low). |
The CertiK Foundation is a nonprofit, research-driven organization with a mission to give people the power to trust by providing the best Formal Verification platform for smart contracts and blockchain ecosystems.
Founded by Computer Science Professors Ronghui Gu of Columbia University and Zhong Shao of Yale University, the Foundation provides developers with the safeguards and flexibility to code with confidence, facilitating blockchain adoption for developers & large enterprises alike.
Twitter: https://twitter.com/certikorg
Forum: https://forum.certik.foundation/
Riot: https://riot.im/app/#/room/#certikfoundation-chain:matrix.org
Github: https://github.com/certikfoundation/chain