Aragon token sale bug bounty



  • We’re excited to announce that we are conducting a bug bounty in advance of the Aragon Network Token sale. We believe bug bounties are essential to ensuring a safe release, and are especially important when cryptocurrency is being exchanged. This post will provide more details on our bug bounty program scope, the timeline, and compensation.

    Program Scope

    The scope of our bug bounty program includes all contracts related to the Aragon token sale and the Aragon Network Token code.

    Specifically, the bug bounty program will encompass:

    For more information about the sale, see our detailed GitHub document on the sale flow.

    Timeline

    As of this post, the bug bounty program is considered started and valid reports of bugs will be compensated moving forward. The bounty program will continue even after the token sale.

    Compensation

    We are using the OWASP risk assessment methodology to determine the bug’s level of threat to the sale.

    Note: Up to $100 USD

    Low: Up to $500 USD

    Medium: Up to $1,000 USD

    High: Up to $2,500 USD

    Critical: Up to $5,000 USD

    Example:

    An attack identified that could steal raised funds would be considered a critical threat.

    If there was a way for someone to spend more tokens than owned or to mint their own ANT, the bug would be considered a high threat.

    Please note that the submission’s quality will factor into the level of compensation. A high quality submission includes an explanation of how the bug can be reproduced, a failing test case, and a fix that makes the test case pass. High quality submissions may be awarded amounts higher than the amounts specified above.

    Note that bounties will be paid in ETH and that Aragon team members and paid auditors are not eligible for bounty compensation.

    Reporting

    Public disclosure of the bug or indication of an intention to exploit it on the mainnet will make the report ineligible for a bounty.

    If in doubt about other aspects of the bounty, most of the Ethereum Foundation bug bounty program rules will apply.

    Please report bug bounty submissions to [email protected]



Looks like your connection to Cryptocentral was lost, please wait while we try to reconnect.