Credits improves its technology day after day and makes head with a credible faith in decentralized future. The only way to succeed in the modern IT market is to work side-by-side with technology-savvy researchers in order to remedy any weaknesses. It is for that reason Credits team launches the first stage of Bug Bounty Campaign. Credits invites all interested developers and security experts to participate in the program. The first stage is aimed to optimize source code, eliminate vulnerabilities and improve the platform’s security.
The overall prize fund of the first stage is 500 000$. All payments will be made in USD or BTC/ETH/CS coins accounting for developer’s taste.
1) Fill out the registration form — https://forms.gle/nEP7HhyFS8XSfpy4A
2) ATTENTION! Search bugs in platform modules that are included in Bug Bounty Program (more information in section “Assets in Scope”)
3) Provide information about bugs through the ISSUE request in the repository where you found a bug. Credits official Github — https://github.com/CREDITSCOM (Read more in the section “Reporting and investigating bugs”)
4) The Credits team will review all bugs and will provide you with feedback as quickly as possible via the comments on the page with a specific bug.
5) Distribution of rewards will be carried out in USD or cryptocurrency that you select in the form of registration (BTC, ETH, CS)
The following components of Credits Platform are included in 1 Stage of Bug Bounty Campaign:
- Network Node — blockchain software — https://github.com/CREDITSCOM/node
- Contract Executor — application for deployment and execution of smart contract methods — https://github.com/CREDITSCOM/contract-executor
- Wallet Desktop — desktop wallet application — https://github.com/CREDITSCOM/wallet-desktop
- CScrypto — library submodule for node repository — https://github.com/CREDITSCOM/cscrypto
If you have found a bug, please submit a report through creating a new issue on Credits Github. Note that you are able to submit reports only regarding components of the platform included in “Software in Scope”.
- For all “Software in Scope” there are several degrees of bugs which will have a different amount of rewards.
- For multiple bugs with one underlying root cause, where one fix can be applied to remediate, we will consider this as one vulnerability and only award once.
- The only first developer who has found bugs will get a reward
- Developers are able to submit fixes for found bug using “Pull Request” on Credits Github. In case that developers’ correction will be considered like a viable the amount of reward will be increased in 3 times.
For scenarios that do not fall within one of the above categories, Credits team still appreciates reports that help us to make the platform more secure and stable. In general, developers will be rewarded on the basis of table above. Please note these are general guidelines, and that final reward decisions are up to the discretion Credits technical team.
The full description of Bug Bounty Campaign is available here - https://medium.com/@credits/credits-bug-bounty-campaign-stage-1-30020dc3884b