Announcing Band Protocol’s Public Bug Bounty Program

Sorawit Suriyakarn
Published in Band Protocol
Nov 9, 2019

We are excited to announce a public bug bounty program for Band Protocol smart contracts and ecosystem infrastructure. Security is one of our core tenets at Band Protocol, and we value the input of security professionals acting in good faith to help us maintain a high standard of security for the decentralized oracle protocol and its surrounding ecosystem.

Any security expert can file a bug report, which may qualify for a reward only when all of the following conditions are met:

  • The Band Protocol team must not have been aware of the bug before the report.
  • The reporter allows the Band team a reasonable amount of time to fix the vulnerability before disclosing it to other parties or to the public.
  • The reporter has not used the bug to receive any reward or monetary gain outside of the bug bounty rewards or allowed anyone else to profit outside the bug bounty program.
  • The bug is reported without any conditions, demands, or threats.

The bounty rewards will be calculated based on an OWASP Risk Rating Methodology score, factoring in both impact and likelihood of the vulnerabilities.

The program contains the following two separate scopes.

Smart Contract Bugs

Vulnerabilities found within a selection of the core smart contracts of Band Protocol, as deployed on the Ethereum Kovan testnet, will be rewarded with BAND tokens based on their severity.

  • Critical Level: a minimum of $2,000.
  • High Level: a minimum of $500.
  • Medium Level: a minimum of $200.
  • Low Level: a minimum of $50.

All reward amounts are at our discretion. Only bugs found in smart contract code are eligible. Attacks on the incentive mechanisms are not eligible at the moment.

Ecosystem Infrastructure Bug

This program covers security vulnerabilities discovered within the Band Protocol public infrastructure including select websites and DNS configurations of the following domains:

Only Critical Level vulnerabilities will be rewarded at the moment. An eligible report can receive a minimum of $500 worth of BAND tokens.

Reporting Bugs

Please submit your bug report to bugbounty@bandprotocol.com

About Band Protocol
Band Protocol is a decentralized oracle framework for Web3.0 applications. Band Protocol connects smart contracts with trusted off-chain information, provided through community-curated oracle data providers. Blockchains can connect to any web API through one simple function call, with data integrity assured by dPoS economic incentives. Developers using Band Protocol will be able to easily build and manage off-chain oracles, reputation scores, identity management systems and much more.
