CertiK Chain Bug Bounty
Reward pool: Not Set (CTK)
Expected profit: Estimated (CTK)
Max participants: ∞ (No limit)
DropsEarn score: Neutral
Hard, Low Risks
Rules and Submission Process
This bug bounty is limited to the DeepWallet and Explorer. In order to process bugs, please adhere to the following submission guidelines.
- For UI / UX bugs, please submit bugs and issues on the Explorer and Wallet category on the CertiK Chain Forum.
- For security bugs, email the team at [email protected] following the Reporting Bug Template found here.
Bug bounty rewards are based on severity per CVSS (the Common Vulnerability Scoring Standard).
Additional Information
Bug Ticket Processing Flow
1. Reporting Stage
For all UI and UX bugs, please submit bugs and issues on the Explorer and Wallet category via the CertiK Chain Forum.
For all security vulnerabilities, email the content privately at [email protected] following the bug report template.
2. Processing Stage
In about one (1) business day, the CertiK Chain team will confirm the threat intelligence per bug ticket. Our security engineers will follow up, evaluate the problem, and feed the intelligence back to the reporter with an 'Under Review' status.
In about four (4) business days, the CertiK Chain team will address the issue, draw conclusions, and record points with a 'Confirmed' or 'Ignored' status. Our security engineers will communicate with the reporter and ask for assistance if necessary.
3. Repairing Stage
The CertiK Chain team will then address the threat intelligence and update the status with 'Fixed' or 'Repaired.' The repairing timeframe depends on the problem severity and the difficulty on a case-by-case basis.
Report Bug Template
When reporting a bug, please ensure all elements are included. The following components will help the CertiK Chain team classify all vulnerabilities quickly and seamlessly.
| Elements | Description |
| --- | --- |
| ID/name | Keep it brief and use the correct terms. A best practice is to include the name of the feature where you found an issue. A good example could be 'CART - Unable to add a new item to my cart'. |
| Description/Summary | Explain the bug in a few words, and share it in easy-to-understand language. Keep in mind that your description might be used to search your bug tracking application. |
| Environment | Depending on your browser, operating system, zoom level and screen size, websites may behave differently from one environment to another. |
| Source URL | Make it easy for developers to spot the problem by including the URL of the page where you found the bug. |
| Visual Proof | A visual element, like a screenshot or a video, will help the team understand the problem better and faster. |
| Steps to reproduce | Make sure to describe, with as much detail as possible, the steps you took before you encountered the bug. |
| Expected vs. actual results | Explain the results you expected by being as specific as possible. Just saying "the app doesn't work as expected" is not useful. It's also helpful to describe what was experienced. |
| Optional | You can also include extra information such as the severity (critical, major, minor, trivial, enhancement), or priority (high, medium, low). |
Additional Rules
- Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.
- Reports out of scope will not be considered. Please check before submitting.
- When duplicates occur, we only award the first report that was received (provided that it can be fully reproduced).
- Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with the explicit permission of the account holder.
- Any attacks that could cause physical damage or incur costs to others' property are prohibited.
- Social engineering (e.g. phishing, vishing, smishing) is prohibited.
About CertiK Foundation
The CertiK Foundation is a nonprofit, research-driven organization with a mission to give people the power to trust by providing the best Formal Verification platform for smart contracts and blockchain ecosystems.
Founded by Computer Science Professors Ronghui Gu of Columbia University and Zhong Shao of Yale University, the Foundation provides developers with the safeguards and flexibility to code with confidence, facilitating blockchain adoption for developers & large enterprises alike.
Twitter: https://twitter.com/certikorg
Forum: https://forum.certik.foundation/
Riot: https://riot.im/app/#/room/#certikfoundation-chain:matrix.org
Github: https://github.com/certikfoundation/chain
About
The CertiK Chain DeepWallet and Explorer are excited to officially announce their Bug Bounty Program! Bug bounty rewards are determined by severity according to CVSS, the Common Vulnerability Scoring Standard. All final reward decisions will be determined by the CertiK Foundation.
30 May 2020 00:00(UTC+3) - 1 Nov 2020 00:00(UTC+3)
Closed
None