Confidant Bug Bounty Program
— accept security vulnerabilities and non-security bugs
Program Time: July 10 — Sept 30
Submissions shall be sent to:
qlc.hackathon@protonmail.com
PGP Fingerprint: 5962280664e521bd2574e5df46a64c0c403b258d
Confidant app download link and source code:
Android download Android Github
Start off from a Confidant trial account:
cryptosophies.com/qlc-bug-bounty/
Background
As a public chain aiming to create a secure and trusted environment for telecom services, QLC Chain has always placed the security of private information and user data at the core of its services. As part of this commitment, Confidant, a secure and trusted communication platform, now invites developers and security researchers to help protect Confidant and its users by identifying bugs and security vulnerabilities via this Bug Bounty Program.
Bug Reporting Process
When reporting a bug, some information is required for the bug description and reward distribution. Please send the information listed below to qlc.hackathon@protonmail.com. A submission portal is in progress and will be available on the QLC Chain website soon.
- Your name
- Your NEP-5 wallet public address for receiving rewards
- Your email address for contacting us
- Specific type of bug
- Detailed steps needed to reproduce the issue
- If it is a vulnerability, a description of the risk and possible exploits
- How the observed behavior differs from what is expected
If you wish to stay anonymous, either contact us with a throwaway email address or let us know that you do not want to be named.
Rules and rewards
The Confidant Bug Bounty Program welcomes both security vulnerability and general bug reports. All reported issues will be evaluated based on their severity and security impact on the product and its users.
Rewards shall be distributed in either BTC or QLC.
Your bug reports will be rated based on their severity and their impact on Confidant performance and user experience.
The QLC Chain developer community always aims to tap into the potential of the community to contribute to a more stable, secure and prosperous QLC Chain ecosystem. As such, QLC Chain may award a lucrative reward bonus for exceptional bug finders. The decision will be made at the QLC Chain team’s discretion.
Awarding Process
The QLC Chain team will evaluate all valid bug submissions that are accepted and then reach out to inform the submitter. Reward distribution will be completed upon acceptance of the bugs.
In scope
Confidant Station and Confidant app for Android and iOS.
Confidant app download link and source code:
Android download Android Github
Confidant trial account for developers and security researchers — please access here:
cryptosophies.com/qlc-bug-bounty/
Terms and Conditions
- While participating in the Bug Bounty Program, you must refrain from:
- Attacks against Confidant infrastructure
- Social engineering and physical attacks
- Distributed Denial of Service attacks that require large volumes of data
- Provisioning and/or usability issues
- Violations of licenses or other restrictions applicable to any vendor’s product
- Security bugs in third-party products or websites that are not under QLC Chain team’s direct control
- Vulnerabilities that are a result of malware
- Theoretical security issues with no realistic exploit scenario(s) or attack surfaces, or issues that would require complex end user interactions to be exploited, may be excluded
- Issues determined to be low impact may be excluded
- In addition, the submitter must NOT be the author of the code with the vulnerability
Vulnerabilities that are disclosed to any party other than the QLC Chain team, including vulnerability brokers, will not qualify for a Bug Bounty reward. This includes both full public disclosure and limited private release.