Graviton Exploit Exploration Mission
We have always appreciated our community’s close involvement in enhancing the Graviton app and contributing to growth of the project.
Today we announce the Graviton Exploit Exploration Mission and invite Graviteers to join bug hunting across Graviton app frontend, backend infrastructure, and smart contracts. This program provides rewards for the most comprehensive, well-considered and fully described submissions of potential vulnerabilities.
Please have a look at the bullet points below before starting your exploration mission.
- All bug reports must be submitted to info@graviton one.
- Public disclosure of a vulnerability makes it ineligible for a reward.
- Please note that the infrastructure on Fantom and Ethereum, or Gnosis safe wallet are not part of the Exploit Exploration Mission (only Graviton products are subject to testing).
Graviton Exploit Exploration Mission considers a number of variables in determining rewards. Determinations of eligibility, quality assessment and all terms related to an award are at the sole discretion of multisig signers.
Please, submit a vulnerability using to the following template:
The points marked with an asterisk (*) are obligatory.
- Your name *
- Your Telegram account *
- Short description of a vulnerability*
Example: Remote Denial-of-service using non-validated blocks.
- Attack scenario *
Example: An attacker can attempt to mine blocks which may require some resource-heavy computation (up to the maximum gasLimit) but provide no proof-of-work. If the attacker sends blocks continuously, the victim node may be forced into 100% CPU utilization.
Example: Go client version v0.6.8
- Reproduction *
Example: Send a block to a testnet node which contains many txs but no valid PoW (or a link to a Github Gist with reproduction details).
Any other details not covered. Can also contain links to GitHub Gists, repos containing code samples, etc.