Announcing The StandardBounties Bug Bounty Campaign
Now that the Bounties Network is in public beta, we’re delighted to announce that we’re launching the platform by running a public bug bounty on the StandardBounties contract. The contract that runs the beta is currently deployed at 0x066128b9f7557b5398db3d4ed141f2e64245ffa1, with all accompanying source code also verified on Etherscan.
To put it briefly, the StandardBounties contract acts as a registry for any bounty on any task, paying in either ETH or ERC20 tokens. Bounties go through a simple flow of issuance, fulfillment, and acceptance, with many accompanying features included to make the bounties as robust as possible.
For a thorough documentation of all contract functionalities, please see the StandardBounties Github Repo.
We’re following the OWASP model to evaluate bug severity:
The rewards for submitting bugs at each severity are:
- CRITICAL: 10 ETH + added as author to StandardBounties.sol contract
- MAJOR: 5 ETH + added as author to StandardBounties.sol contract
- MEDIUM: 2.5 ETH
- LOW: 1 ETH
As stated in each bounty posting linked above, payouts will be made to the first individual who reports a bug, and exploits will not be eligible for payouts if they’ve been used on the main-net contract. Issues around style and gas optimization will also not be eligible for this bounty. Determinations of eligibility and all terms related to this award are at the sole and final discretion of the StandardBounties team. Any any bugs reported in our previous audit will also be excluded.
