INT Chain Release Security-vulnerabilities and Threat-intelligence Bounty Programme

INT Chain, Dec 4, 2018

To encourage the community to review the INT main chain and discover security vulnerabilities, INT Chain has joined the SlowMist Zone and released a security-vulnerabilities and threat-intelligence bounty programme. Reporters are welcome to visit the “SlowMist Zone” website and go to “Submit Bug Bounty” (URL: https://slowmist.io/en/bug-bounty.html) to submit threat intelligence.

The reward standards are as follows:

The final award depends on the severity and the true impact of the vulnerability; the values in the table are the highest rewards for each level. The reward paid in INT tokens is based on the INT/USDT price on OKEX the day before the issue day. 2 million INT tokens will be ready for the Bounty Programme.

1. Scope of Business

INT Chain’s consensus layer, network layer, local wallet, Web wallet, private key management, serialization and security related to all RPC interfaces.

Main chain code: https://github.com/intfoundation/int (see the README for the deployment document)

Web wallet: https://test.wallet.intchain.io/

Web wallet code: https://test.wallet.intchain.io/

Email: intfoundation@intchain.io

2. Processing Flow

Reporting Stage

The reporter visits the “SlowMist Zone” website and goes to “Submit Bug Bounty” (URL: https://slowmist.io/en/bug-bounty.html) to submit threat intelligence. (Status: to be reviewed)

Processing Stage

1. Within one working day, the SlowMist Security Team will confirm the threat intelligence report from the “SlowMist Zone”, follow up, evaluate the problem, and feed the intelligence back to the INT Chain contact person in the meantime (status: under review).

2. Within three working days, the INT Chain technical team will deal with the problem, draw conclusions and record points (status: confirmed / ignored). They will communicate with the reporter if necessary, and ask the reporter for assistance.

Repairing Stage

1. The INT Chain business department shall repair the security problems in the threat intelligence and update online (status: repaired). The repairing timeframe depends on the problem severity and the repair difficulty. Generally speaking, it is within 24 hours for the critical and high-risk problems, within 3 working days for the medium-risk problems, and within 7 working days for the low-risk problems. The App security issue is limited by the version release, and the repairing timeframe is on a case-by-case basis.

2. The reporter will review whether the security problem has been repaired (Status: reviewed/reviewed with objection).

3. After the reporter confirms that the security problem is repaired, the INT Chain technical team will inform the SlowMist Security Team of the conclusion and the vulnerability score. They will issue rewards with the SlowMist Security Team (status: completed).

3. Vulnerability Level

Critical Vulnerabilities

A critical vulnerability is one that occurs in the core business system (main chain core business and wallet core function) and can cause a severe impact.

This includes but is not limited to:

· Smart contract overflow and race condition (“conditional competition”) vulnerabilities

· Consensus layer vulnerabilities or serious DDoS caused at a lower cost, directly resulting in the crash of the main chain or the failure of block generation.

High-risk Vulnerabilities

· Gaining control of a server by intruding through the full-node P2P network

· Unauthorized operations that involve money, or payment logic bypassing (must be successfully exploited)

· Permission control defects in smart contracts

· Status data errors, such as double spending

· System SQL injection

Medium-risk Vulnerabilities

· Main chain business design defects

· Unreasonable parameter processing in RPC interfaces or transactions

· Denial-of-service vulnerabilities, including but not limited to remote denial-of-service vulnerabilities caused by denial of service of web applications

· Leakage of locally stored sensitive authentication key information, which must be effectively usable

Low-risk Vulnerabilities

· Local denial-of-service vulnerabilities, including but not limited to client local denial of service

· Unreasonable RPC interface return value or data structure design (the reason it is unreasonable must be given)

· Issues that will seriously impact the user’s experience

· Other vulnerabilities that are less harmful and cannot be proven to be harmful
