Swisstronik Bug Bounty Program

Details

Sigma Assets GmbH as developer of the Swisstronik Network invites the Swisstronik community to join the Swisstronik bug bounty program. For each bounty application, you will need to follow the instructions set in "How to submit the bug report" section on the Bug Bounty page. There are different Bug Categories you may apply for. 

Who can join

• Developers: blockchain core developers, Intel SGX developers, smart contracts and dApp developers, as well as front-end and back-end developers familiar with the following languages: Solidity, Go, Rust, JavaScript and others.
• Node operators: Individuals who meet the Node setup requirements and are interested in setting up a node.

Bug categories per functionality

1. Intel SGX & Encryption: Any bugs reported on the node side related to the functionality of Intel SGX. Rewards pool is $25,000. Once the bug is accepted and the reward size confirmed by the Swisstronik team, 80% of the reward value will be paid in USDT, 20% - in the Swisstronik tokens, SWTR.
2. Blockchain Core: Any bugs in the code related to the safe functionality of the chain and EVM module. Rewards pool is $25,000. Once the bug is accepted and the reward size is confirmed by the Swisstronik team, 80% of the reward value will be paid in USDT, 20% - in the Swisstronik tokens, SWTR.
3. Blockchain stability & informational bugs: Any bugs that are related to the stable functionality of the blockchain. Rewards pool is $20,000.

Reward determination guidelines

General Provisions

The determination of a Bounty Reward to be paid out will vary depending on variables as determined at the full discretion of Sigma Assets GmbH, using the guidelines set forth below.

Bounty Rewards are generally paid in SWTR but may also be paid out in other cryptocurrencies or fiat currencies for compliance or other reasons. The decision as to whether a Bounty Reward is paid in SWTR or any other cryptocurrency or fiat currency, as well as the calculation of the relevant exchange rate lies at the sole discretion of Sigma Assets GmbH and may be subject to change at any time.

SWTR that will be issued as Bounty Rewards will be subject to a lock-up mechanism according to which, after the launch of Swisstronik Network, the SWTR will be unlocked gradually. The exact conditions of such lock-up mechanism are still to be defined but it is currently envisioned to unlock the SWTR gradually in monthly installments over a duration of 24 months.

Bounty Rewards paid in other cryptocurrency including stablecoins or fiat currencies, will be paid out within 30 days after the end of the Bug Bounty Program.

Size of Bounty Rewards

The value of Bounty Rewards paid out will vary depending on severity which is calculated based on Impact and Likelihood of the bug detected:

The size of a reward is based on the below listed, non-binding guideline allocations:

• Critical: up to $31,000
• High: up to $10,000
• Medium: up to $3,000
• Low: up to $1,000
• Note: up to $300

Sigma Assets GmbH reserves the right to change the above rate without prior notice and without the possibility of recourse. Please also note that since this guideline is non-binding, all allocations are at the sole discretion of Sigma Assets GmbH and all reward decisions are final.

Other variables

In addition to severity, other variables are also considered when Sigma Assets GmbH determines the reward to be paid, including (but not limited to):

• Quality of description: Higher rewards are paid for clear, well-written submissions. This makes it easier to quickly understand the scope and severity of the submitted issue.
• Quality of reproducibility: Please include test code, scripts and detailed instructions. The easier it is easier to reproduce and verity the vulnerability, the higher the reward.
• Quality of fix, if included: Higher rewards are paid for submissions with clear description of how to fix the issue.

Bug submission guidelines

1. First come, first served: If multiple developers report the same bug, only the first report that adheres to Swisstronik reporting guidelines will receive the reward. This process will be publicly documented in the respective repository's "Issues" section, ensuring transparency and allowing other developers to see the order of bug submissions.
2. Submission criteria: Bug reports must adhere to the bug report criteria specified in the "Bug Bounty Testnet 1.0" repository's bug-reports.md file. These criteria act as a guideline to ensure thorough and precise bug reporting, promoting effective resolution and mitigation of identified vulnerabilities.
3. Public recognition: Swisstronik will publicly recognize those who discover bugs. This will be achieved through a public recognition system implemented in the Bug Bounty Testnet 1.0 repository. The repository will include a folder called "Hall of Fame" where the names and achievements of the bug bounty winners will be showcased.
4. Rewards transparency: Transaction records confirming the rewards paid to each developer will be publicly available in the "Bug Bounty Testnet 1.0" repository and publicly accessible in the blockchain, emphasizing Swisstronik commitment to transparency.
5. Deadline: Bug reports must be submitted by September 30, 2023.

Links

• Dashboard: To check your eligibility, Swisstronik advises that you pass the KYC there first. If you don't do it or turn out to be ineligible, you will not be able to receive a reward. Later, you can use the Dashboard to track your report status and more.
• Documentation: Obtain advantages over other devs. Join Swisstronik special Discord channel and be the first to receive important updates, talk directly with the tech team and enjoy other perks.
• Website
• Twitter
• Discord
• Telegram