OriginTrail Starfleet Bug Bounty Program - DropsEarn
OriginTrail Starfleet Bug Bounty Program

OriginTrail Starfleet Bug Bounty Program

    The OriginTrail Core developers are inviting all security researchers and community members to participate in securing the implementation of Starfleet stage technical components. A significant reward budget in TRAC tokens has been allocated to ensure that Starfleet boarding and launch are in line with the highest security standards.

    Reward pool
    Expected profit
    ~ $140 - 3,500
    Max participants
    DropsEarn score

  • Activity Type: Tasks Bug bounty FCFS
  • Date: from 6 Jan 2021 12:00(UTC+3)
  • Registration: Open
  • Event status: You can participate (Event started, Registration open)
  • Links: Official Announcement
Go to event page

Image for post

Detailed information 

It is with great pleasure that team kick off the final stages of the preparation phase of the Starfleet stage today by launching the official Starfleet bug bounty program. 

Bug bounty scope

The following projects are in scope for the Starfleet bug bounty program:

  1. The Starfleet Boarding Solidity smart contract — focusing on securing the boarding process against any potential smart contract attacks starting from January 6, 2021. A detailed specification for the smart contract is presented in the OT-RFC-10;
  2. The Starfleet Boarding website — ensuring the secure interaction of the Dapp with the Starfleet boarding smart contract, starting from January 25, 2021 (after the website launch); and
  3. The Starfleet blockchain source code: To be released prior to the mainnet launch, securing the implementation (starting date TBA).


  • Low severity bugs: ~ 1000 TRAC
  • Medium severity bugs: ~ 5000 TRAC
  • High severity bugs: ~ 25000 TRAC


The following bug bounty rules apply to all of the above-listed projects:

  • First come, first served.
  • Issues that have already been submitted by another person are not eligible for bounty rewards.
  • Public disclosure of a vulnerability makes it ineligible for the bounty reward.
  • Hired auditors are not eligible for rewards.
  • Determination of eligibility, score, and all terms related to the reward is at the sole and final discretion of OriginTrail core developers.

In addition to bug severity, the core developers will also consider the following information to determine the rewards:

  • Quality of description: higher rewards are paid for clear, well-written submissions.
  • Reproducibility: please include test code, scripts, or detailed instructions.
  • Quality of fix, if included: higher rewards will be paid for submissions with a clear description of how to fix the issue.

All bug bounty submissions are to be sent via email to bounty@tracelabs.io

Team urge bounty hunters to:

  • Give the team a reasonable amount of time to resolve any submitted vulnerabilities.
  • Not to use any other channel to submit vulnerabilities other than the provided email address.
  • Not damage OriginTrail and its stakeholders or disclose any data in the process of discovery.

Social networks

Relevant blog posts: