Introduction Credits improves its technology day after day and makes head with a credible faith in decentralized future. The only way to succeed in the modern IT market is to work side-by-side with technology-savvy researchers in order to remedy any weaknesses. It is for that reason Credits team launches the first stage of Bug Bounty Campaign. Credits invites all interested developers and security experts to participate in the program. The first stage is aimed to optimize source code, eliminate vulnerabilities and improve the platform’s security. The overall prize fund of the first stage is 500 000$. All payments will be made in USD and BTC/ETH/CS coins accounting for developer’s taste. Steps to participate: Fill out the registration form — https://forms.gle/nEP7HhyFS8XSfpy4A ATTENTION! Search bugs in platform modules that are included in Bug Bounty Program (more information in section “Assets in Scope”) Provide information about bugs through the ISSUE request in the repository where you found a bug. Credits official Github — (Read more in the section “Reporting and investigating bugs”) https://github.com/CREDITSCOM The Credits team will review all bugs and will provide you with feedback as quickly as possible via the comments on the page with a specific bug. Distribution of rewards will be carried out in USD or cryptocurrency that you select in the form of registration (BTC, ETH, CS) Software Assets in Scope The following components of Credits Platform are included in 1 Stage of Bug Bounty Campaign: Network Node — blockchain software — https://github.com/CREDITSCOM/node Contract Executor — application for deployment and execution of smart contract methods — https://github.com/CREDITSCOM/contract-executor Wallet Desktop — desktop wallet application — https://github.com/CREDITSCOM/wallet-desktop CScrypto — library submodule for node repository — https://github.com/CREDITSCOM/cscrypto Investigating and reporting bugs If you have found a bug, please submit a report through creating a new issue on Credits Github. Note that you are able to submit reports only regarding components of the platform included in “Software in Scope”. Asset. Chose the repository the bug is related to and create a “New Issue” in it. (For example, node software — ) http://prntscr.com/o8aoqp Severity. Chose the level of vulnerability according to the table in “Qualifying Vulnerabilities” Summary — Add a summary of the bug Description — Any additional details about this bug Steps — Steps to reproduce Supporting Material/References — Source code to replicate, list any additional material (e.g. screenshots, logs, etc.) Impact — What impact does the found bug has, what could an attacker achieve? Your name and country. Software to use The Bug Bounty Campaign is held in the network. Participants have two ways to install the necessary software and enter the network: TestNet Release 4.2 1) For convenient installation we recommend you to use completed binaries available through the following links: For Windows For Linux 2) Developers are also able to compile software using source code available on Credits Github. Check the instruction below: “node” using “bug_bounty” branch, then follow instructions in file, Download Readme “contract-executor” using “bug_bounty” branch, then follow the instruction in file, Download Readme “wallet-desktop” using “bug_bounty” branch, then follow the instruction in file, Download Readme Connect to the TestNet, through the entry server 169.50.169.10, port 6018; You are able to check transaction using blockchain explorer — . Remember, that it is not included in “Assets in Scope” for Bug Bounty Campaign. Credits Monitor You will automatically receive coins for testing of TestNet Release 4.2 network after registration will be done (check “Steps to participate”). Qualifying Vulnerabilities For all “Software in Scope” there are several degrees of bugs which will have a different amount of rewards. For multiple bugs with one underlying root cause, where one fix can be applied to remediate, we will consider this as one vulnerability and only award once. The only first developer who has found bugs will get a reward Developers are able to submit fixes for found bug using “Pull Request” on Credits Github. In case that developers’ correction will be considered like a viable the amount of reward will be increased in 3 times For scenarios that do not fall within one of the above categories, Credits team still appreciates reports that help us to make the platform more secure and stable. In general, developers will be rewarded on the basis of table above. Please note these are general guidelines, and that final reward decisions are up to the discretion Credits technical team. Requirements and Rules: Follow the campaign conditions and do not perform prohibited actions in order to get a reward. The total amount of remuneration depends on the risks and the impact of the bug on the work of the services and will be determined by the technical team of the project individually Placing the content inside the smart contract is prohibited The size of the smart contract is limited to 1 MB Attacks on Denial of Service are prohibited Legal Information Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

About Our Half a Million Dollar Bug Bounty Campaign

Too Long; Didn't Read

Coin Mentioned

@andrey

RELATED STORIES