Bug Bounty Program
Marc Doerflinger edited this page Oct 23, 2024 · 5 revisions
We’re offering $DIP per unique bug found, and an extra $DIP 50,000 reward for the DIP Super Hunter 🦸🦹♀️ who finds the most unique significant bugs across the GIF v3 and FlightDelay applications.
We’re classifying and rewarding bug hunters like this:
Category | Example | $DIP per bug |
---|---|---|
High | Exploits, vulnerabilities or errors that will certainly or probabilistically lead towards loss of funds, control, or impairment of the application or the contract and its functions. E.g. loss of control over instance, staked funds vulnerabilities. | 25,000 |
Medium | Bugs or issues that may be subject to exploit, though their impact is somewhat limited. E.g. inability to use policy / risk bundle / staking as intended | 10,000 |
Low | Effects are minimal in isolation and do not pose a significant danger to the project or its users. E.g. invalid error messages, missing links | 2,000 |
Informational | Consistency, syntax or style best practices. Generally pose a negligible level of risk, if any. E.g. typos, formatting of numbers. | 1,000 |
We want this to be super transparent so please put any feedback / your bugs into:
- the #discord
- (If you’re techy 😉 ) directly in GitHub
- Remember that we’ll only reward unique bugs found, so keep an eye on GitHub to check out which bugs have already been found (you don’t need a GitHub account to see this). GIF v3 issues, FlightDelay issues
- We’ll aim to pay DIP tokens 14 days after verification by the Etherisc team that the bug is authentic and unique. Keep an eye on the GitHub issue to check the status of your bug.
- If you spot somebody that needs help during the hunt, or something doesn’t seem right, please support / call it out! 🙂
- Once your bug has been verified we’ll notify you about the bug bounty you receive.
- The Etherisc team has final say on which category the bug fits into and on who receives the DIP Super Hunter reward; how this is decided is up to the Etherisc team.
- The Etherisc team has already tested the products, so it is not taking part in the hunt or receiving $DIP for the hunt.