-
Notifications
You must be signed in to change notification settings - Fork 4
Bug Bounty Program
We’re offering $DIP per unique bug found, and an extra $DIP 50,000 reward for the DIP Super Hunter 🦸🦹♀️ who finds the most unique significant bugs across the depeg and staking applications.
We’re classifying and rewarding bug hunters like this:
| Category | Example | $DIP per bug |
|---|---|---|
| High | Exploits, vulnerabilities or errors that will certainly or probabilistically lead towards loss of funds, control, or impairment of the application or the contract and its functions. E.g. loss of control over instance, staked funds vulnerabilities. | 25,000 |
| Medium | Bugs or issues that may be subject to exploit, though their impact is somewhat limited. E.g. inability to use policy / risk bundle / staking as intended | 10,000 |
| Low | Effects are minimal in isolation and do not pose a significant danger to the project or its users. E.g. invalid error messages, missing links | 2,000 |
| Informational | Consistency, syntax or style best practices. Generally pose a negligible level of risk, if any. E.g. typos, formatting of numbers. | 1,000 |
Links below will be added soon To help you on your hunt, we’ve pulled together a draft set of use cases to show you how the products are intended to work. And a Guide on how to use the testnet - you’ll be using fake DIP, USDC and MATIC on the Polygon testnet. The final product will go live on the Ethereum main net.
We’re also looking for constructive feedback for our draft product materials / use cases. Please post these in the relevant Discord channel.
We’re also looking for constructive feedback for these draft use cases and…. also offering 30,000 $DIP to a dedicated, committed member of the community to work closely with the team on an in-depth review / format of the product / launch materials. Please let us know if you’re interested, and what you would bring!
We want this to be super transparent so please put any feedback / your bugs into:
- the #depeg insurance discord
- (If you’re techy 😉 ) directly in Github
- Remember that we’ll only reward unique bugs found, so keep an eye on Github to check out which bugs have already been found (you don’t need a Github account to see this). Depeg webapp issues, Depeg smart contracts issues, Staking webapp issues
- We’ll aim to pay DIP tokens 72h after verification by the Etherisc team that the bug is authentic and unique. Keep an eye on the Github issue to check the status of your bug
- If you spot somebody that needs help during the hunt, or something doesn’t seem right, please support / call it out! 🙂
- Once your bug has been verified we’ll notify you about the bug bounty you receive.
- The Etherisc team has final say on which category the bug fits into, and who receives the DIP Super Hunter reward, it’s up to the Etherisc team how to do this
- The Etherisc team has already tested the products so is not taking part in the hunt or receiving $DIP for the hunt
- This is a first for Etherisc so any suggestions / feedback welcome