Space Bug Bounty program
Welcome to ENEX.SPACE Bug Bounty program
The program will take place from September 1 to September 22, 2022.
About
ENEX.SPACE is a DeFi platform built on the Enecuum blockchain. ENEX.SPACE is based on the ENX token. ENX benefits from overall liquidity in ENEX.SPACE and can be used to gain profit from trading operations. From the user’s point of view, ENEX.SPACE consists of liquidity pools, treasury, Drop farms, Space drop, ETM, and Station.
We are committed to the security of ENEX.SPACE and its users. That is why ENEX development is governed by rigorous, conservative security measures that are not compromised for convenience.
All testing must be done on the BIT test network or against the published source code.
Scope
https://app.enex.space/ v0.3.10 or higher if available
https://bit.enecuum.com/ main branch last commit
Enecuum browser extension v0.4.6 or higher if available
Enecuum iOS App PWA v0.4.6 or higher if available
Rewards
p0 — up to 100,000 ENX
p1 — up to 20,000 ENX
p2 — up to 6,000 ENX
p3 — up to 4,000 ENX
p4 — up to 3,000 ENX
Bug details
The ENEX team adheres to a common taxonomy of bugs, as an example: ref.
Examples of vulnerabilities and their rewards:
— Double spend or unauthorised movement of funds: up to 100,000 ENX*
— Stoppage of the network (severe; does not include denial-of-service attacks): up to 20,000 ENX*
— Disabling certain subsystems of a node: up to 6,000 ENX*
*These are approximate reward levels; all reports of bugs found are considered on a case-by-case basis.
Resources
extension: https://chrome.google.com/webstore/detail/enecuum/oendodccclbjedifljnlkapjejklgekf
iOS app: https://testflight.apple.com/join/WHOMGLUZ
guides: https://trinitylab.gitbook.io/enex.space/
app.enex.space github: https://github.com/Enecuum/dex-ui
bit.enecuum.com github: https://github.com/Enecuum/explorer
Report Formatting
In the Description of a Vulnerability Report, please format the replication process as an Ordered List. Valid reports formatted in the following way will be prioritized:
Steps To Reproduce: (Add details for how we can reproduce the issue)
-step 1
-step 2
…
-step N
Report submission
Reports should be submitted via the Google Form.
Please pay attention to the reply address field, as we will need to contact you to discuss the details of your submission or updates to its status.
Ineligible issues (May be closed as out of scope)
- Theoretical vulnerabilities without actual proof of concept
- Invalid or missing SPF (Sender Policy Framework) records (incomplete or missing SPF/DKIM/DMARC)
- Vulnerabilities only exploitable on out-of-date browsers or platforms
- Vulnerabilities related to auto-fill web forms
- Use of known vulnerable libraries without actual proof of concept
- Issues related to unsafe SSL/TLS cipher suites or protocol versions
- Content spoofing
- Exposure of internal IP address or domains
- Vulnerabilities that require root/jailbreak
- Vulnerabilities that require physical access to a user’s device
- Any activity (like DoS/DDoS) that disrupts our services
- Reports from automated tools or scans
Contact information
bb@enex.space