Ocean Protocol x Immunefi Bug Bounty Program
Add to Watchlist
Added to Watchlist
Reward pool
Not set
OCEAN
Expected profit
up to $100,000
OCEAN
Max participants
∞
No limit
DropsEarn score
Neutral
Normal, Low Risks
Details
Ocean Protocol unlocks the value of data.
Data owners and consumers use the Ocean Market app to publish, discover, and consume data in a secure, privacy-preserving fashion. OCEAN holders stake liquidity to data pools.
Developers use Ocean libraries to build their own data wallets, data marketplaces, and more.
Ocean datatokens wrap data services as industry-standard ERC721 NFTs and ERC20 tokens. This enables data wallets, data exchanges, and data co-ops by leveraging crypto wallets, exchanges, and other decentralized finance (DeFi) tools.
Special Case:
For this specific bounty program, the Ocean Protocol Foundation is allowing testing on their public testnets.
This bug bounty program is focused on their smart contracts and is focused on preventing:
- Bugs that could result in funds being lost
- Permanent freezing of funds
- Unauthorized protocol changes (e.g. to fees)
Rewards by Threat Level
Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System V2. This is a simplified 5-level scale, with separate scales for websites/apps, smart contracts, and blockchains/DLTs, focusing on the impact of the vulnerability reported.
All bug reports must come with a PoC with an end-effect impacting an asset-in-scope in order to be considered for a reward. Explanations and statements are not accepted as PoC and code is required. For this specific bounty program, the Ocean Protocol Foundation is allowing testing on their public testnets.
All known issues highlighted in the github repo and audit report below are considered as out of scope:
- https://github.com/oceanprotocol/contracts/issues
- https://github.com/oceanprotocol/contracts/blob/v4main/docs/Ocean_Protocol_Smart_Contract_Security_Audit_Report_Halborn_Final%20(1).pdf
The Ocean Protocol Foundation does not require KYC to be done for this program. However, bug bounty hunters submitting a report and wanting a reward will have to provide an invoice submitted via the Request invoicing platform.
The invoice needs to include the details below:
-
Email address
-
Invoice date
-
Country
-
Description of bug bounty
-
Granted amount (OCEAN)
-
Payment details - crypto-wallet address
Rules & more info.
Links
About
Ocean Protocol announced Bug Bounty Program on Immunefi. Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System V2. Reward for critical level of vulnerability is up to $100,000.
31 Mar 2022 03:00(UTC+3) - 30 Jun 2022 03:00(UTC+3)
Closed
None