Skip to content

Latest commit

 

History

History
45 lines (29 loc) · 1.74 KB

bugbounty.md

File metadata and controls

45 lines (29 loc) · 1.74 KB

Bug Bounty Overview

ZetaChain is committed to security across all aspects of its ecosystem. To that end, ZetaChain has established a bug bounty program to reward researchers, developers, and users who help identify and report security vulnerabilities.

You can access and report issues at https://immunefi.com/bounty/zetachain/.

Scope

The scope of this bug bounty program is focused on ZetaChain's smart contracts, public-facing APIs, blockchain protocol/infrastructure, and web applications.

Program Guidelines

  1. All reports must be submitted through Immunefi, accessible here.
  2. Report any suspected vulnerability promptly.
  3. Do not attempt to exploit a vulnerability without prior authorization.
  4. Do not publicly disclose a vulnerability before it is reported and patched.
  5. Do not access data or systems beyond the scope of the vulnerability.
  6. Do not use social engineering techniques.
  7. Do not attempt to access accounts or personal data of users.

Rewards

The rewards for successful vulnerability reports range from $5,000 to $100,000, depending on the severity of the issue. All payouts are to be done by the ZetaChain team through Immunefi.

Smart Contracts

Critical USD $30,000 to $100,000
High USD $10,000 to $30,000
Medium USD $10,000

Websites and Applications

Critical USD $15,000 to $30,000
High USD $5,000 to $15,000
Medium USD $5,000

Responsible Disclosure

We value responsible disclosure, and we encourage all participants to act responsibly when reporting vulnerabilities.

Contact

For any questions or concerns, please contact us at bugbounty@zetachain.com.