From ebb6ecfc144a5204be9372a65aabb90f32e937a6 Mon Sep 17 00:00:00 2001 From: Brandon Truong Date: Wed, 11 Jan 2023 10:23:00 -0500 Subject: [PATCH 1/2] Create bugbounty.md --- bugbounty.md | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 bugbounty.md diff --git a/bugbounty.md b/bugbounty.md new file mode 100644 index 00000000..eaa2aaa0 --- /dev/null +++ b/bugbounty.md 
@@ -0,0 +1,45 @@ +## Bug Bounty Overview + +ZetaChain is committed to security across all aspects of its ecosystem. To that end, ZetaChain has established a bug bounty program to reward researchers, developers, and users who help identify and report security vulnerabilities. + +You can access and report issues at [https://immunefi.com/bounty/zetachain/](https://immunefi.com/bounty/zetachain/). + +## Scope + +The scope of this bug bounty program is focused on ZetaChain's smart contracts, public-facing APIs, blockchain protocol/infrastructure, and web applications. + +## Program Guidelines + +1. All reports must be submitted through the ImmuneFI, accessible [here](https://immunefi.com/bounty/zetachain/). +2. Report any suspected vulnerability promptly. +3. Do not attempt to exploit a vulnerability without prior authorization. +4. Do not publicly disclose a vulnerability before it is reported and patched. +5. Do not access data or systems beyond the scope of the vulnerability. +6. Do not use social engineering techniques. +7. Do not attempt to access accounts or personal data of users. + +## Rewards + +The rewards for successful vulnerability reports range from $5,000 to $100,000, depending on the severity of the issue. All payouts are to be done by the ZetaChain team through ImmuneFi. + +### **Smart Contracts** + +| Critical | USD $30,000 to $100,000 | +| --- | --- | +| High | USD $10,000 to $30,000 | +| Medium | USD $10,000 | + +### **Websites and Applications** + +| Critical | USD $15,000 to $30,000 | +| --- | --- | +| High | USD $5,000 to $15,000 | +| Medium | USD $5,000 | + +## Responsible Disclosure + +We value responsible disclosure, and we encourage all participants to act responsibly when reporting vulnerabilities. + +## Contact + +For any questions or concerns, please contact us at bugbounty@zetachain.com. From e9747c7fdddff3579d0ae49d731769f93856aed8 Mon Sep 17 00:00:00 2001 
From: Brandon Truong Date: Wed, 11 Jan 2023 10:36:48 -0500 Subject: [PATCH 2/2] Update bugbounty.md --- bugbounty.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bugbounty.md b/bugbounty.md index eaa2aaa0..8de375d3 100644 --- a/bugbounty.md +++ b/bugbounty.md @@ -10,7 +10,7 @@ The scope of this bug bounty program is focused on ZetaChain's smart contracts, ## Program Guidelines -1. All reports must be submitted through the ImmuneFI, accessible [here](https://immunefi.com/bounty/zetachain/). +1. All reports must be submitted through Immunefi, accessible [here](https://immunefi.com/bounty/zetachain/). 2. Report any suspected vulnerability promptly. 3. Do not attempt to exploit a vulnerability without prior authorization. 4. Do not publicly disclose a vulnerability before it is reported and patched. @@ -20,7 +20,7 @@ The scope of this bug bounty program is focused on ZetaChain's smart contracts, ## Rewards -The rewards for successful vulnerability reports range from $5,000 to $100,000, depending on the severity of the issue. All payouts are to be done by the ZetaChain team through ImmuneFi. +The rewards for successful vulnerability reports range from $5,000 to $100,000, depending on the severity of the issue. All payouts are to be done by the ZetaChain team through Immunefi. ### **Smart Contracts**
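Review bot: In the single hunk of PATCH 1/2 (`@@ -0,0 +1,45 @@`), both Rewards tables place the Critical row above the `| --- | --- |` separator, so Markdown renders "Critical" and its amount as the table header instead of as a severity tier. Add an explicit header row such as `| Severity | Reward |` above each separator and move the Critical row below it. In the same hunk, the Scope section names asset categories only (smart contracts, APIs, protocol/infrastructure, web applications) and guideline 3 refers to "prior authorization" without saying how it is granted; either list the in-scope assets and the authorization path here, or state that the Immunefi page is authoritative for both.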
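Review bot: In the first hunk of PATCH 2/2 (`@@ -10,7 +10,7 @@`, guideline 1), the link text is still "here", which hides the host a researcher is about to submit a report to. Link the platform name instead, for example `submitted through [Immunefi](https://immunefi.com/bounty/zetachain/)`, so the destination is visible in the rendered text and matches the bare URL already shown in the overview.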
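Review bot: In the second hunk of PATCH 2/2 (`@@ -20,7 +20,7 @@`, Rewards), the sentence "All payouts are to be done by the ZetaChain team through Immunefi" names no payout asset, while the tables quote amounts in USD; say whether rewards are paid in USD or in a token valued in USD. The wording would also read better in the active form, for example "Payouts are made by the ZetaChain team through Immunefi."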