DINNGO Exchange Bug Bounty Program

DINNGO
Mar 11, 2019 · 3 min read

DINNGO engineers have made every effort to ensure that our platform and users are 100% safe and sound. To help us maintain the highest standard of security, we are launching the DINNGO Exchange Bug Bounty Program.

This program is intended to work with independent security researchers across the globe and set out our definition of good faith in the context of finding and reporting vulnerabilities, as well as what you can expect from us in return. Should you encounter a security vulnerability in one of our products, we want to hear from you.


Scope

The bug bounty program is to reward community members for discovering and reporting bugs. The scope of the bounty will be limited to https://exchange.dinngo.co/#/ and https://github.com/Dinngo/dinngo-exchange and the contracts they inherit from.

DINNGO reserves the right to modify or cancel the DINNGO Bug Program at DINNGO’s sole discretion and at any time.

Rewards

The value of rewards will vary depending on severity as judged by the DINNGO team. The severity of a bug is determined according to the OWASP risk rating model based on Impact and Likelihood, as employed in the Ethereum bug bounty campaign:

  • Note: Up to $100 USD
  • Low: Up to $500 USD
  • Medium: Up to $1,000 USD
  • High: Up to $2,500 USD
  • Critical: Up to $5,000 USD

DINNGO determines the eligibility of a vulnerability, its score and whether a reward is granted at its sole discretion. A granted reward for a Critical bug will be paid in ETH, and the rest (Note/Low/Medium/High bugs) will be paid in DGO.

First Reporter Rule

Rewards for a specific vulnerability go to the first reporter. We will review duplicate bugs to see if they provide additional information, but otherwise a subsequent report of the same or a similar vulnerability will not be eligible for a reward (first come, first served).

General Rules

  • Do not violate the privacy or any rights of DINNGO’s users or support third parties with such actions.
  • Do not destroy or alter discovered data.
  • Do not disrupt or compromise our services.
  • You must not use, attempt or be involved in any kind of (1) spam; (2) social engineering techniques, including SPF and DKIM issues; (3) distributed denial of service (DDoS) attacks; (4) attacks on any kind of physical security measures.
  • You must provide us a reasonable amount of time to fix the bug before disclosing it to anyone else, and give us adequate written warning before disclosing it to anyone else.
  • Non-security issues (style issues, gas optimizations) are not eligible.
  • Sharing any information about the vulnerability with any third party is prohibited.

Any breaking or neglecting of these rules will be a violation of the DINNGO Bug Bounty Program.

Report a Bug

  • Submit your bug report at this link: https://go.dinngo.co/2YxhZ3y
  • Please limit each submission to one issue.
  • In your bug report, please make sure to include steps to reproduce the issue and attach any necessary information, such as screenshots and logs.
  • Try to include as much information as you can in the report, including a description of the bug, its potential impact, and steps for reproducing it or proof of concept.
  • Your ETH address for payment should also be provided in the report.
  • Please allow five (5) business days for us to respond before sending another report or email.

Links

DINNGO

Visit our website for more information https://dinngo.co/
