According to the severity calculated by OWASP Risk Rating Method based on Impact and Likelihood.
- High: Bugs affecting asset security.
- Medium: Bugs affecting system stability.
- Low: Other bugs that do not affect asset security and do not affect system stability.
- High: The bug can be discovered by anyone who performs an operation, regardless of whether or not the bug has been found.
- Medium: Only certain people can discover it (such as a bug that only developers encounter, ordinary users are not affected.)
- Low: Covers less than 1% specific population, such as certain rare Android models; or any other exceptional cases.
The Amount of Rewards
To ensure the bug reporter obtains a stable expected reward, USDT will be the main crypto as rewards.
The reward amount is divided into 5 categories:
- Critical: 1,000 + USDT (No upper limit)
- High: 500 + USDT
- Medium: 200 + USDT
- Low: 50 + USDT
- Note: 30 + USDT
If reporters provide the solution of security vulnerabilities, the reward will be more than doubled.
Judges are from Lambda Technical Committee.
Report A Bug
Please send bug report via the google form here.
- Please ensure the accuracy and clarity of the content, because the reward evaluation will be based on the content submitted in this form.
- If many people discover the same bug, then their report submissions in chronological order will determine their reward. Community users are welcome to discuss the issues of bugs, but the discussion itself is not considered a report, therefore a report form must still be submitted.
The Final reward list announcement
After the bounty program, the final reward list and the reward amount will be announced on Twitter and Weibo channel, and rewards will be issued within 15 working days.
- The Lambda Bug Bounty Program is from 09/12/2020 16:00–23/12/2020 16:00 (UTC+8). The Lambda Technical Committee reserves the right to final interpretation of the bounty program, and the rights to adjust or cancel the reward scope, eligibility and amount.
- TheLambda Technical Committeewill confirm and evaluate the bug report after its submission. The evaluation time will depend on the severity of the problem and the difficulty of fixing it. The evaluation result will be sent to its reporter by email as soon as possible.
- Reporters shall keep the bugs non-public and confidential until 30 days after submitting the bugs to Lambda, and shall not disclose the bugs to any third party. Such confidentiality timeline can be extended by Lambda unilaterally. If reporters disclose the bugs to any third party that causes any harm to Lambda or Lambda’ users, reporters shall be responsible for the compensation for all the losses.
- The Lambda Technical Committee encourages community member to discuss with the Lambda community and Interstellar technical team and other community members in the Lambda public discussion group. Team also encourage community members to join in fixing these bugs. Please join telegtam group for discussion.