Campaign | Announcing Parami Protocol’s Bug Bounty Program
Intro
Security is always the at the heart of a crypto project, especially when the project is a gateway to your Web 3.0, the PARA-Metaverse Identity, aka Parami Protocol. To secure and also build reputation in our tech community, we are now introducing the Parami Official Bug Bounty Program, starting now, ends at Feb. 4 2022. We have total award of 500,000 AD3 to offer.
BUG HUNTERS, come and get it!
Scope
The parami-blockchain repositories in Parami Github
https://github.com/parami-protocol/parami-blockchain
Not in scope
Other repositories in Parami Github, including:
/apps, /ChainBridge, /chainbridge-utils, /chainbridge-substrate-events, /go-substrate-rpc-client, /parami-chainbridge-solidity, /parami-scanner, /demo, /open-runtime-module-library, /bridge, /chainbridge-ui, /website, /magiclink, /Paramillionaire, /parami, /defi-pool, /docs, /parami-bounty-program, /Parami Bounty Program, /vision, /parami-protocol.github.io, /resolver
Criteria
There is one major criteria: Severity, and a few other qualities to consider:
- Quality of description. Higher rewards are paid for clear, well-written submissions.
- Quality of reproducibility. Please include test code, scripts and detailed instructions. To your best interest, please make it easy for us to reproduce and verify the vulnerability.
- Quality of fix, optional. Higher rewards are paid for submissions with clear description of how to fix the issue.
Reward
We will have the total reward of $500,000 AD3, which will be distributed within two weeks after the bounty program ends.
What is not included
- Front-end bugs: We have front-end sprints in purpose of improving the UI/UX, fixing possible bugs in data visualization and user interaction. While we greatly appreciate such reports from the community, there is no reward for that (except for our sincere gratitude).
- Contracts not included in the Parami Protocol: The reason is pretty straightforward, we are focusing on the above-mentioned products.
- Malfunction of third-party modules: We integrated many third-party modules into Parami Protocol for different purposes. In case they malfunction, there is nothing much we can do. Please report to the relevant projects.
What is a good bug report
- A bug should be described for the first time and should not be reported before. Previously reported issues are not eligible for a reward. First submission takes the trophy. Please do double-check before submitting.
- A bug report should have a detailed description and scenario for reproduction, as well as potential suggestions on how it can be fixed.
Submit
Create a “New issue” in the above-mentioned repository and include the following information:
- Severity
- Description of the bug
- Proof of Incidence, like sample code, screenshot, video
- Assumed cause (optional)
Bugs will be confirmed within three business days after submission. After confirmation and grading, the reward will be distributed to your wallet address within two weeks if we can timely contact you through Github/email. Meanwhile, do not disclose your submission in public before Parami team did so.
About Parami Protocol
Parami Protocol is to build AD3.0 for Web3.0. Parami vehicles the social DAO(decentralized Anonymous Organization) for advertisement distribution and traffic aggregation. Advertisers bid and pay for social NFT owned by both influencers and DAO members, which can monetize social impact and loyalty. Integrated to mainstream IM apps, Parami Protocol allows common netizens to readily cash in their attention instead of being exploited. Parami, the easy-to-use, contribution-rewarding, breach-proof gateway into the meta-universe of web 3.0.
Website | Telegram | (New!)Russian community | Twitter | Medium | Github | Discord
