openANX Bug Bounty Program

No More Bugs!

We are starting our bug bounty program for all contracts and software relevant for our upcoming token launch. Read more about our Token launch mechanics here <https://github.com/openanx/OpenANXToken>

Major bugs will be rewarded up to 5000 OAX tokens. Much higher rewards are possible (up to 10000 OAX tokens) in case of very severe vulnerabilities. The bounty program will be capped at 50000 OAX tokens.

Most of the rules on https://bounty.ethereum.org apply. For example: First come, first serve. Issues that have already been submitted by another user or are already known (such as these) to the team are not eligible for bounty rewards.

Scope of Bug Bounty Program

Within scope:

Examples of what’s in scope

  • Being able to obtain more tokens (OAX) than expected
  • Being able to obtain OAX from someone without their permission
  • Bugs that allow the owner to lose control of the smart contract during the token sale period
  • Bugs causing a transaction to be sent that was different from what a user confirmed: for example, a user transfers 10 OAX but exactly 10 wasn’t transferred.

Submission deadline

The bug bounty ends on the 21st June, 2017.

Responsible Disclosure Policy

If you comply with the policies below when reporting a security issue to us, we will not initiate a lawsuit or law enforcement investigation against you in response to your report.

We ask that:

  • You give us reasonable time to investigate and mitigate an issue you report before making public any information about the report or sharing such information with others.
  • You make a good faith effort to avoid privacy violations and disruptions to others, including (but not limited to) destruction of data and interruption or degradation of our services.
  • You do not exploit a security issue you discover for any reason. (This includes demonstrating additional risk, such as attempted compromise of sensitive company data or probing for additional issues.)
  • You do not violate any other applicable laws or regulations.

Contact

Email your submissions to: bounty@openanx.org

Don’t forget to include your ETH address so you can be rewarded (If more than one address is specified, only one will be used at the discretion of the bounty program administrators).

Anonymous submissions welcome.

For questions use the slack here

Credits: This bounty program borrowed heavily from the gnosis bounty program design.