Get up to 100,000 Tokens by participating in Bodhi’s Bug Bounty Program

Bodhi
Bodhi Prediction Market
May 10, 2018

Bodhi Bug Bounty Specifications

Bodhi, as an open-source software project, relies on external developers to help identify issues and to help us work on and solve the issues that we come across. With this in mind, we want to encourage the public to spend time helping us test both our DApp and the underlying smart contracts to maximize efficiency and security.

Following the favorable code audit by CertiK, we are announcing a call for input from the Bodhi developer community!

Bug Types

Based on the OWASP Risk Rating Methodology (https://www.owasp.org/index.php/OWASP_Risk_Rating_Methodology), bugs are categorized as follows:

Bodhi Bug Bounty Rewards

  • Critical: 40k–100k BOT
  • High: 10k–40k BOT
  • Medium: 2k–10k BOT
  • Low: 500–2k BOT
  • Note: 0–500 BOT

Areas of Qualifying Bug Bounties

Smart contracts in the bodhi-core GitHub repo: https://github.com/bodhiproject/bodhi-core

  • AddressManager.sol
  • EventFactory.sol
  • TopicEvent.sol
  • OracleFactory.sol
  • CentralizedOracle.sol
  • DecentralizedOracle.sol
  • Oracle.sol
  • BaseContract.sol

Active Bounty Period

The Bodhi Bug Bounty program specified here starts right now! It begins on May 10, 2018 and ends on November 10, 2018.

Rules and Details

  • Submit new bugs with an overview and supporting evidence to: bounty@bodhi.network
  • Remember: the more documentation, the better, whether it is more notes, pictures, or videos.
  • Issues that have already been submitted by another user or are already known to the Bodhi team are not eligible for bounty.
  • Public disclosure of a vulnerability makes it ineligible for a bounty.
  • Once you have discovered a bug, it is advised to continue bug hunting on your own deployed contracts. Please try to refrain from using the Bodhi mainnet and testnet contracts for further bug testing after discovery.
  • You must be able to reproduce the bug fairly consistently and be able to share a walkthrough of the steps taken to reproduce it.
  • Bodhi employees and all other people paid by the Bodhi Team are ineligible for bounties.
  • Submitted bugs for bounty will undergo a strict and thorough investigation by the Bodhi core developers. Determination of eligibility, impact, OWASP score and all items related to an award will be at the sole and final discretion of the Bodhi team.

Legal Notes

The bug bounty program is an experimental and discretionary rewards program for our active community to encourage and reward those who seek to help improve the Bodhi platform. It is not a competition. The bug bounty program is subject to cancellation at any time, purely at the sole discretion of the Bodhi team.

  • In addition, we are not able to issue awards to individuals who are on sanctions lists or who are in countries on sanctions lists (e.g. North Korea, Iran, etc.).
  • You will be responsible for all taxes on rewards earned through the bug bounty program.
  • All awards are subject to applicable law.
  • Finally, your testing must not violate any law or compromise any data that is not yours.

For more on Bodhi, join the community!
www.bodhi.network
GitHub: https://github.com/bodhiproject
Twitter: https://twitter.com/bodhitoken
Telegram English Group: https://t.me/BodhiEN
Telegram Chinese Group: https://t.me/BodhiCN
