Credits increases its technological innovation day soon after working day and tends to make head with a credible faith in decentralized potential. The only way to succeed in the modern-day IT marketplace is to get the job done side-by-side with know-how-savvy researchers in order to treatment any weaknesses. It is for that rationale Credits team launches the first phase of Bug Bounty Marketing campaign. Credits invitations all interested developers and protection specialists to take part in the application. The initially stage is aimed to enhance source code, reduce vulnerabilities and improve the platform’s security.
The overall prize fund of the 1st stage is 500 000$. All payments will be built in USD and BTC/ETH/CS cash accounting for developer’s flavor.
- Fill out the registration form — https://varieties.gle/nEP7HhyFS8XSfpy4A
- Awareness! Search bugs in platform modules that are included in Bug Bounty Program (much more information in part “Assets in Scope”)
- Deliver information and facts about bugs as a result of the Issue ask for in the repository exactly where you located a bug. Credits formal Github — https://github.com/CREDITSCOM (Browse extra in the section “Reporting and investigating bugs”)
- The Credits workforce will evaluate all bugs and will offer you with suggestions as quickly as doable through the opinions on the website page with a certain bug.
- Distribution of benefits will be carried out in USD or cryptocurrency that you pick in the form of registration (BTC, ETH, CS)
The next elements of Credits Platform are bundled in 1 Phase of Bug Bounty Campaign:
If you have located a bug, remember to submit a report by means of generating a new difficulty on Credits Github. Observe that you are in a position to submit studies only concerning parts of the system integrated in “Software in Scope”.
- Asset. Selected the repository the bug is linked to and produce a “New Issue” in it. (For illustration, node software program — http://prntscr.com/o8aoqp)
- Severity. Chose the level of vulnerability in accordance to the desk in “Qualifying Vulnerabilities”
- Summary — Incorporate a summary of the bug
- Description — Any supplemental aspects about this bug
- Techniques — Steps to reproduce
- Supporting Product/References — Supply code to replicate, checklist any further product (e.g. screenshots, logs, and many others.)
- Effects — What affect does the located bug has, what could an attacker accomplish?
- Your identify and state.
1) For practical installation we endorse you to use finished binaries obtainable by means of the following backlinks:
2) Developers are also in a position to compile software program employing supply code offered on Credits Github. Examine the instruction beneath:
- Obtain “node” applying “bug_bounty” department, then abide by recommendations in Readme file,
- Down load “contract-executor” using “bug_bounty” department, then adhere to the instruction in Readme file,
- Obtain “wallet-desktop” applying “bug_bounty” branch, then abide by the instruction in Readme file,
- Link to the TestNet, via the entry server 22.214.171.124, port 6018
- You are capable to test transaction using blockchain certification explorer — Credits Watch. Keep in mind, that it is not provided in “Assets in Scope” for Bug Bounty Marketing campaign.
- You will routinely acquire coins for tests of TestNet Release 4.2 community right after registration will be performed (check “Steps to participate”).
- For all “Software in Scope” there are quite a few levels of bugs which will have a unique amount of money of benefits.
- For several bugs with a person underlying root lead to, the place one fix can be utilized to remediate, we will contemplate this as 1 vulnerability and only award once.
- The only initial developer who has identified bugs will get a reward
- Builders are in a position to post fixes for observed bug applying “Pull Request” on Credits Github. In circumstance that developers’ correction will be thought of like a practical the amount of reward will be greater in 3 occasions
For eventualities that do not tumble inside just one of the previously mentioned categories, Credits group still appreciates reports that support us to make the system additional protected and secure. In common, developers will be rewarded on the basis of table over. Remember to note these are normal suggestions, and that remaining reward selections are up to the discretion Credits technical staff.
Stick to the campaign problems and do not conduct prohibited actions in purchase to get a reward.
- The total amount of remuneration relies upon on the dangers and the effect of the bug on the do the job of the providers and will be identified by the complex team of the task independently
- Putting the information within the clever contract is prohibited
- The sizing of the clever deal is restricted to 1 MB
- Assaults on Denial of Support are prohibited
Any pursuits performed in a fashion dependable with this plan will be viewed as authorized conduct and we will not initiate lawful action against you.
If lawful motion is initiated by a third get together from you in relationship with pursuits conducted under this plan, we will choose measures to make it acknowledged that…