CertiK Chain Bug Bounty - DropsEarn

    The CertiK Chain DeepWallet and Explorer are excited to officially announce their Bug Bounty Program! Bug bounty rewards are determined by severity according to CVSS, the Common Vulnerability Scoring Standard. All final reward decisions will be determined by the CertiK Foundation.

    Reward pool
    Not Set
    Expected profit
    Estimated
    Max participants
    DropsEarn score
    Neutral

  • Activity Type: Bug bounty Testnet
  • Date: 30 May 2020 00:00(UTC+3) - 1 Nov 2020 00:00(UTC+3)
  • Registration: Open
  • Event status: You can participate (Event started, Registration open)
  • Links: General Guidelines, Certik Github, Certik Forum

Rules and Submission Process

This bug bounty is limited to the DeepWallet and Explorer. In order to process bugs, please adhere to the following submission guidelines.

  1. For UI / UX bugs, please submit bugs and issues on the Explorer and Wallet category on the CertiK Chain Forum.
  2. For security bugs, email the team at chain+security@certik.org following the Reporting Bug Template found here.

Bug bounty rewards are based on severity per CVSS (the Common Vulnerability Scoring Standard). 


Additional Information

Bug Ticket Processing Flow

1. Reporting Stage

For all UI and UX bugs, please submit bugs and issues on the Explorer and Wallet category via the CertiK Chain Forum. 

For all security vulnerabilities, email the content privately at chain+security@certik.org following the bug report template.

2. Processing Stage 

In about one (1) business day, the CertiK Chain team will confirm the threat intelligence per bug ticket. Our security engineers will follow up, evaluate the problem, and feed the intelligence back to the reporter with an 'Under Review' status.

In about four (4) business days, the CertiK Chain team will address the issue, draw conclusions, and record points with a 'Confirmed' or 'Ignored' status. Our security engineers will communicate with the reporter and ask for assistance if necessary.

3. Repairing Stage

The CertiK Chain team will then address the threat intelligence and update the status with 'Fixed' or 'Repaired.' The repairing timeframe depends on the problem severity and the difficulty on a case-by-case basis. 
 

Report Bug Template

When reporting a bug, please ensure all elements are included. The following components will help the CertiK Chain team classify all vulnerabilities quickly and seamlessly.
 

Elements and their descriptions:

  • ID/name: Keep it brief and use the correct terms. A best practice is to include the name of the feature where you found an issue. A good example could be 'CART - Unable to add a new item to my cart'.
  • Description/Summary: Explain the bug in a few words, and share it in easy-to-understand language. Keep in mind that your description might be used to search your bug tracking application.
  • Environment: Depending on your browser, operating system, zoom level and screen size, websites may behave differently from one environment to another.
  • Source URL: Make it easy for developers to spot the problem by including the URL of the page where you found the bug.
  • Visual Proof: A visual element, like a screenshot or a video, will help the team understand the problem better and faster.
  • Steps to reproduce: Make sure to describe, with as much detail as possible, the steps you took before you encountered the bug.
  • Expected vs. actual results: Explain the results you expected by being as specific as possible. Just saying "the app doesn’t work as expected" is not useful. It's also helpful to describe what was experienced.
  • Optional: You can also include extra information such as the severity (critical, major, minor, trivial, enhancement), or priority (high, medium, low).

Additional Rules

  • Please provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.
  • Reports out of scope will not be considered. Please check before submitting.
  • When duplicates occur, we only award the first report that was received (provided that it can be fully reproduced).
  • Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with the explicit permission of the account holder.
  • Any attack that could cause physical damage or incur costs to others’ property is prohibited.
  • Social engineering (e.g. phishing, vishing, smishing) is prohibited.

About CertiK Foundation

The CertiK Foundation is a nonprofit, research-driven organization with a mission to give people the power to trust by providing the best Formal Verification platform for smart contracts and blockchain ecosystems.

Founded by Computer Science Professors Ronghui Gu of Columbia University and Zhong Shao of Yale University, the Foundation provides developers with the safeguards and flexibility to code with confidence, facilitating blockchain adoption for developers & large enterprises alike.
 

Twitter: https://twitter.com/certikorg

Forum: https://forum.certik.foundation/

Riot: https://riot.im/app/#/room/#certikfoundation-chain:matrix.org

Github: https://github.com/certikfoundation/chain