Gimli Token Sale Bug Bounty
The Gimli Token Sale Bug Bounty provides bounties for bugs in the Token Sale contracts. This is not a bounty program for bugs in the betting, voting and donation functions of Gimli itself.
Overview
Our token sale contracts were designed and reviewed based on the OpenZeppelin model and can be found on our GitHub.
Major bugs will be rewarded up to 50,000 GIM. Higher rewards are possible (up to 100,000 GIM) in case of very severe vulnerabilities.

Why a bug bounty program?
We at Gimli firmly believe in a decentralized tomorrow. We call on the blockchain community to help identify bugs and vulnerabilities in our code. While our contracts were designed and reviewed by experienced blockchain developers from Counterparty and others, nothing beats the wisdom of the crowd.
Our bug bounty program is modeled on the Ethereum bug bounty program.
Rules
Most of the rules on https://bounty.ethereum.org apply:
- Issues that have already been submitted by another user or are already known to the Gimli team are not eligible for bounty rewards.
- Public disclosure of a vulnerability makes it ineligible for a bounty.
- Anyone who was a paid auditor of this code is not eligible for rewards.
- Determinations of eligibility, score and all terms related to an award are at the sole and final discretion of the Gimli team.
- The scope of the bounty includes all of the contracts on our GitHub.
Rewards
The value of rewards paid out will vary depending on Severity. The severity is calculated according to the OWASP risk rating model based on Impact and Likelihood, as used by the Ethereum bug bounty program.

Rewards are as follows:
- Note: Up to 1,000 GIM
- Low: Up to 5,000 GIM
- Medium: Up to 10,000 GIM
- High: Up to 50,000 GIM
- Critical: Up to 100,000 GIM
In addition to Severity, other variables are also considered when the Gimli team decides compensation, including (but not limited to):
- Quality of description. Higher rewards are paid for clear, well-written submissions.
- Quality of reproducibility. Please include test code, scripts and detailed instructions. The easier it is for us to reproduce and verify the vulnerability, the higher the reward.
- Quality of fix, if included. Higher rewards are paid for submissions with a clear description of how to fix the issue.
Contact
For any questions, please join the Gimli Slack (get your invite here) and join the #bug_bounty channel.
Please send submissions to contact@gimli.io. We also welcome anonymous submissions.

