Announcement of the Paycheck Bug Bounty Program!
Welcome to the Program
We’re happy to announce the launch of the Paycheck Bug Bounty Program! Paycheck is nearing its second year of operation and has produced a handful of beta products that are now ready to be tested. We’ve been brainstorming ideas on how to get our community engaged in testing and how we can, in return, show our gratitude to the contributors who help keep our platform safe and secure for everyone.
The Paycheck Bug Bounty Program is our custom-tailored software testing program designed to reward users for spending their time helping us find and eliminate bugs within our network and applications. Anyone who contributes time and effort to help us find and eliminate bugs will be eligible to receive a reward for their participation.
Test our software and report bug findings to our team! Successfully file reports that result in our team eliminating the bug! Receive a bounty of our native CHECK tokens as a reward! Get ready, bug hunters! The hunt begins! Continue reading the information below to see the general terms of our bug bounty program and how to engage in software testing!
Software Testing
It’s time to gear up and prepare to test some of the upcoming Paycheck products that are due to launch soon! Paycheck smart contracts, token transfers and tokenomics, faucet, staking, locking, and soon our swapping service and NFT marketplace are all ready to enter the testing phase!
“Software testing is a fundamental component of the software development lifecycle. It reinforces the quality of the product and ensures better business optimization, less maintenance cost, product reliability, and a superior user experience.” James L. Odom, Paycheck CEO, remarks.
Alright, let’s proceed to the list of rules and instructions below that our team has provided for the community. Additionally, if you need help or have any questions, we are available to offer live support in our Discord and Telegram communities.
Here’s how it works:
1. You may begin your bug hunting journey by visiting the Paycheck Beta Website and searching for bugs within the Paycheck ecosystem and applications.
2. When you find bugs, you may report them to the Paycheck team by filling out the Paycheck Bug Report Form.
- The bug should show a threat to Paycheck’s economics and/or user/admin accounts and/or the Paycheck system as a whole (including frontend and backend).
- Unfortunately, we can’t accept vulnerabilities exploited through social engineering (e.g., gaining access to accounts via phishing e-mails), since these kinds of vulnerabilities can’t be addressed by any security service provider.
- We will, however, accept some vulnerabilities exploited via OSINT tools (e.g., gaining access to servers after obtaining their addresses through several OSINT/pentest tools). These vulnerabilities can and will be addressed by the Paycheck team.
3. After you submit the revealed vulnerability, the Paycheck team will reach out to you and keep you updated on the bug status (reviewed, determined a non-issue/determined an issue, no action taken/action taken, etc.).
4. After the Paycheck team accepts and reviews the bug, there are three options available:
- The vulnerability isn’t a threat or cannot be replicated according to the bug hunter’s guidelines in vivo. In this case, we will inform you about this.
- The vulnerability is a threat to the project and can be replicated according to the bug hunter’s guidelines in vivo. In this case, we will keep you updated about each new step in the bug maintenance process. Prepare your wallet for incoming CHECK tokens!
- The vulnerability is a threat and can be replicated according to the bug hunter’s guidelines in vivo but is related to a third-party service provider (e.g., the exchange we’re listed on). In this case, we will reach out to you and ask you to contact the third-party service provider yourself and see whether or not they have any reward program for bug hunters. Even if the bug isn’t related to Paycheck directly, you still have a chance of getting rewards!
5. When we confirm that a reported vulnerability is a threat to our project, we give the bug hunter ranking points based on the estimation model. Grow your ranking and outrank other bug hunters in the competition!
6. We will regularly pay the rewards for the found vulnerabilities at the end of every competition season.
7. The Bug Bounty Reward Pool will be defined depending on the number of participants and their contribution to the project but shouldn’t surpass 10% of the Paycheck Marketing Fund (but if the community finds an excessive number of bugs, we will review this point).
Team Evaluation
After completing the above steps in the software testing process, the team will then evaluate the resulting feedback through the evaluation model.
Here’s how it works:
1. Through our evaluation model, the Paycheck team should readily be able to evaluate the severity and priority levels for all of the vulnerabilities found. Bug hunters will gain rating points according to this evaluation.
2. The evaluation model is based on the CVSS (Common Vulnerability Scoring System) version 3.1.
- You can see how it works by visiting this link:
https://chandanbn.github.io/cvss/
3. Apart from the scoring system, the team will review the found vulnerabilities manually and “tip” those bug hunters whose contributions we find extremely valuable.
- This can be applied to critical vulnerabilities which have been found.
- Also, we can reward those bug hunters who make outstanding cumulative contributions (for example, one person finds a dozen bugs while the others report 1–2 each).
Paycheck Public Release
Paycheck is overwhelmingly close to its public release. We can hardly express the joy we feel. Our achievements thus far certainly wouldn’t be possible without the community helping us through each stage of the development process. Together we’ve worked consistently for nearly a year to get to where we are today.
We want to thank everyone who has participated throughout Paycheck’s young and blossoming life. All of you have put in the effort and a piece of your identity and vision into our project. Thank you all for contributing to our incredible project and believing in us! Paycheck is everyone’s project! It is for the whole world at large!
Conclusion
Conducting a bug bounty program complete with a rigorous testing and evaluation model is vital for any project that wishes to maintain a safe, secure and efficient working product for the long haul. Not only that, but it assures everyone who is paying close attention that the project intends to do things right from the very start.
This article aims to educate our community about the Paycheck Bug Bounty Program and the importance of software testing. If you follow the instructions and advice we have provided in this article, you will be prepared to take the first steps towards participating in the Paycheck Bug Bounty Program and gaining a deeper understanding of the importance of beta testnet activities and software testing.