Technology can never be secure enough, and SuperNET believes that working with experienced security researchers across the globe is crucial in identifying weaknesses in any technology. If you find a security issue in our platform, we encourage you to notify us. We welcome working with you to resolve the issue promptly.Disclosure Policy Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to resolve the issue quickly.Give us a reasonable amount of time to resolve the issue before making any disclosure to the public or a third-party.Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with the explicit permission of the account holder.Public disclosure of vulnerability makes it ineligible for a bounty. Exclusions
While researching, we'd like to ask you to refrain from:Denial of service.Spamming.Social engineering (including phishing) of SuperNET staff or contractors.Any physical attempts against SuperNET property or data centers.Actively exploiting SuperNET or Komodo applications. The Security Bounty
For now, our bug bounty program is limited to security bugs only, but if someone finds some other critical vulnerability, e.g. related to privacy, then we may discuss the possibility of a bounty. We define a security bug to be something which affects the blockchain, emission of KMD, economic damage, financial loss or other critical areas. Contact us if you are not sure.
The security bugs are divided into several groups depending on their severity. The decision about the severity of each bug and the final bounty size is decided entirely between the SuperNET development and security team members.
Hunt bugs either from Komodo or Iguana Core:Iguana Core: github.com/jl777/SuperNET/Komodo: github.com/jl777/komodo
Bug bounties are paid either in BTC or KMD, depending on your preference.
Issues that are already known about are not eligible for a bounty reward.
SuperNET and Komodo team members are not eligible for a bounty.
Thank you for helping keep SuperNET and our users safe! Happy hunting!