Livepeer (Non Smart Contract) Security Disclosure Program

Eric Tang
Published in Livepeer
Jun 28, 2022

Program Overview

Livepeer is a decentralized video streaming network built on the Ethereum blockchain. Through the power of open source software, the harnessing of underutilized resources like compute and bandwidth, and the use of cryptoeconomic incentives for bootstrapping and participation, there is an opportunity to deliver an infrastructure that can power video streaming applications at a highly efficient price, and infinite scale.

This program covers all non smart contract scopes. For the smart contract bounty program, please refer to https://immunefi.com/bounty/livepeer/.

For more information about Livepeer, please visit https://livepeer.org/.

Threat Level

Not Included: issues discoverable by running popular automated scanning software, such as SPF/DMARC email record findings.

Low: issues that affect the user experience in a moderate way, but do not affect the underlying video streaming infrastructure.

Medium: unique issues that affect the video streaming experience in a moderate way, but do not result in any economic impact. No customer data at significant risk.

High: unique issues that significantly impact the video streaming infrastructure, or result in a loss of user funds. Significant risk for customer data.

In addition, Livepeer Inc welcomes any and all security disclosures. We understand that the structure above may not suit all cases, and will proactively engage whitehats to ensure fair compensation.

Rewards by Threat Level

Not Included: $0 (But thank you for reporting! We will happily put you on our wall of honor)

Low: up to $100

Medium: $100 to $500

High: $500 to $1000

Important Legal Information

The bug bounty program is an experimental and discretionary rewards program for the active Livepeer community to encourage and reward those who are helping to improve the Livepeer product. You should know that we can cancel the program at any time, and awards are at the sole discretion of Livepeer. In addition, we are not able to issue awards to individuals who are on sanctions lists or who are in countries on sanctions lists. You are responsible for all taxes. All awards are subject to applicable law. Finally, your testing must not violate any law or compromise any data that is not yours.

We will do our best to respond to your submission as quickly as possible, keep you updated on the fix, and award a bounty where appropriate.

How to report a bug:

Please report your submissions to security@livepeer.org

Public disclosure of the bug or indication of an intention to exploit it will make the report ineligible for a bounty.

Submitting anonymously or with a pseudonym is OK, but will make you ineligible for BTC/Eth rewards. To be eligible for BTC/Eth rewards, we require your real name and proof of your identity. Donating your bounty to a charity doesn’t require your identity.
