IRISnet Bug Bounty Program III

IRISnet (mainnet IRIS Hub) is about to upgrade, integrating the Cosmos IBC module and unique functions such as NFT and enhanced iService.

To make sure the upgraded network remains stable and robust, IRISnet is launching Bug Bounty Program III as part of the mainnet upgrade preparation, to find and fix potential issues promptly with assistance from skilled developers.

Time

0:00, 29 January, 2021 (UTC+8) — 0:00, 25 Feb, 2021 (UTC+8)

Rules & Rewards

Bounty rewards will be decided based on many factors, including the impact and risk of the bug, the possibility of the bug being exploited, and the report quality. Rewards for bugs will be classified into these categories for payout:

· Critical — $1,500 and up

· Medium — $500 and up

· Low — up to $200

 

All the bounty rewards will be paid in equivalent IRIS tokens.

The IRISnet core dev team will evaluate each bug report and will be responsible for rating the severity of each bug submitted. The reward will be estimated and decided according to the severity of the bug and the quality of the report.

If we receive duplicate bug reports, we will award a bounty (if applicable) to the first person who reported the issue.

Bug Categories (by levels of severity)

· Critical: Stealing and arbitrarily minting or distributing tokens / destroying consensus and halting block production / breaking the on-chain governance and software upgrade process / memory leakage and unusual resource consumption.

· Medium: Unexpected behavior under corner cases / illegal Tx being successfully executed / unexpected action after legal Tx being successfully executed / single machine failure with no effect on the consensus.

· Low: Defect of API (LCD) and CLI / failure of non-Tx query commands / failure of iris or iristool (sub-)commands.

To qualify for a bounty, make sure:

· The voting power of Byzantine nodes cannot exceed 1/3 of the total.

· The server should run a 64-bit Linux system with 4G or more of storage.

· The security bug must not be a bug/issue in Cosmos-SDK or Tendermint.

· The security bug must not be a known issue that had been documented in GitHub before the bug was reported.

· The security bug is reproducible in the master branch.

· The security bug should not be located in test code.

· The report should include clear steps to reproduce, and the bug should recur with a certain probability (docker-compose configuration, log files, shell.sh, etc. should be provided).

· You must not have written the buggy code or otherwise been involved in contributing the buggy code to the IRISnet project.

Program Scope

At present, the following IRISnet repositories are involved in this bug bounty program scope (note some sub-packages and files are not in-scope):

irisnet/irishub

In scope:

· the master branch under github.com/irisnet/irishub

Not in scope:

· github.com/irisnet/irishub/contrib

· github.com/irisnet/irishub/docs

· github.com/irisnet/irishub/scripts

· github.com/irisnet/irishub/simapp

· github.com/irisnet/irishub/third_party

irisnet/irismod

In scope:

· the master branch under github.com/irisnet/irismod

Not in scope:

· github.com/irisnet/irismod/contrib

· github.com/irisnet/irismod/simapp

· github.com/irisnet/irismod/scripts

· github.com/irisnet/irismod/third_party

Reporting Bugs

If you have found a bug, please submit a related report to [email protected]. The team will evaluate your reports in the order they are received and send an email response to each reporter with severity rating and reward information, within 5 business days.

 

IRIS Foundation complies with national laws and regulations and reserves the right of final interpretation of the IRISnet Bug Bounty Program rules and rewards.

Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

Community Channels

· Email: [email protected]

· WeChat subscription: irisnetwork

· WeChat group: irisnetwork2018

 
