Announcing the launch of the Gametree Bug Bounty Program

<Intro>

Gametree Bug Bounty Program is a safety program to provide a secure service to users to figure out the weakness of Gametree service. The reason for implementing that program is to fix the Gametree service security vulnerability with Security professionals around the world and make more safe and better service

<Target>

Please report vulnerabilities that occur in the latest version of the service and game below

(Only Gametree and Black Squad Classic are targets for this program)

- Gametree: https://gametree.io/

• Black Squad Classic: https://www.blacksquadclassic.io/

<Rewards>

vulnerability

Rewards Price

Account takeover

GTCOIN ~5,000

Remote Code Execution

GTCOIN ~2,000

Full access to the filesystem or database

GTCOIN ~1,000

Execute code on the client

GTCOIN ~200

Logical flow Bugs

GTCOIN ~100

<Excluded case from the rewards>

Following these cases are excluded from the rewards

- Vulnerability is not realized when the bug report received

- Gametree team already were aware of the problem of that vulnerability before receiving the bug reports even get the bug report

For example,

1) Due to that vulnerability, Gametree service could not revise the service

2) In this case, the Gametree Security Team provides a sufficient explanation to the report about the background and point of discovery

- Acquired the information through improper behavior except for proof of the vulnerability

- Already report that vulnerability through other people

- Already make public that vulnerability

- Only submitted the vulnerability without the proof

- Be involved too many users for that vulnerability

- Discluded the security system and occurred the vulnerability

- Already reported otherwhere (other than KISA)

- Falsification page using the error page

- Reply to the specific function of the service

- Expose the server application information

- Stealing cookies due to SSL not being applied

• Other vulnerabilities that are not considered a security threat

<Restriction and Disclosure Policy>

- Please only open it to the public after the repair and upgrade of the system. However, If the Gametree security team allows the public to disclose that weakness, users can reveal it.

- Please abstain from other users that cause damage to other people

- Gametree and related company employees prohibit from participating in this program

• Please do not open it to the public before the repair and upgrade of the system. However, If the Gametree security team allows the public to disclose that weakness, users can reveal it.

<Report>

Please report through the email below

- Report email: info@gametree.io

<Better to include this category in the report>

- Vulnerability name

- How to find that vulnerability

- Code to reproduce the bugs

- Service and domain which occur the bugs

• The description affects that vulnerability problem on the security in service or domain.

About Gametree

Gametree is the developer of the Black Squad Classic NFT Optimus system and the virtual combat training system that was jointly developed with the Korea Military Academy.

Official Community

Homepage: http://gametree.io

Discord: https://discord.gg/blacksquadclassicnft…

Telegram Global channel: http://t.me/gametree_channel…

Twitter: https://twitter.com/gtprotocol

Medium: http://medium.com/gametree-gt