OpenEthereum Bug Bounty Program

Rewards for our community of white-hat warriors

Marcelo Ruiz de Olano
Oct 9 · 4 min read
Illustrations by Lea Filipo.

We are glad to present the guidelines for our new bug bounty program. Its goal is to deliver a stable and secure Ethereum client while rewarding the community for helping us find and address significant security gaps.

The scope of the program is our OpenEthereum client, located in this GitHub repository, and the associated released binaries.

Eligibility

We will consider bugs affecting Ethereum mainnet that threaten the security of the network and could jeopardize its stability.

Bugs that can be used to bring down or take control of an OpenEthereum node without direct access to the machine are also considered.

Deprecated features, and versions of the software prior to our latest release, are not eligible.

The Gnosis core development team, employees, contractors and all other people paid by Gnosis, directly or indirectly (including the external auditors), are not eligible for rewards.

The program is currently active and will remain so until further notice.

Rules

Rewards

The rewards are at the sole and final discretion of the OpenEthereum bug bounty panel and will be proportionate to the risk-based score of the bug. Other factors that will be considered are the quality of the test code, scripts and detailed instructions, and the quality of the description of the fix if one is included.

The bounties are denominated in US dollars and paid in the equivalent amount of USDC.


Legal

The OpenEthereum Bug Bounty Program is a discretionary rewards program by Gnosis Limited for our active community to encourage and reward those who are helping to improve our software. It is not a competition. We can cancel the program at any time and awards are at the sole discretion of Gnosis Limited. We are not able to issue awards to persons who are on any sanctions lists maintained by Gibraltar, the EU or the UK or who are in a jurisdiction sanctioned by the same. We make no representation regarding the tax consequences of any rewards and you are responsible for all taxes payable in connection with the receipt of any rewards.

By submitting your content (your “Submission”) to us, you agree that Gnosis Limited may take all steps needed to validate, mitigate, and disclose the vulnerability, and that you grant Gnosis Limited any and all rights to your Submission needed to do so.

Your testing must not violate any law or compromise any data that is not yours. We will do our best to respond to your submission as quickly as possible, keep you updated on the fix, and award a bounty where appropriate. Any conduct by you that appears to be unlawful, malicious, or criminal in nature will immediately disqualify any Submission from the OpenEthereum Bug Bounty Program. Please do not engage in extortion. Please be aware that testing can be designated as a criminal act by the relevant authorities if you are violating Gibraltar or any other laws. Our rules do not supersede any applicable laws. If you do your best to follow these guidelines in discovering and disclosing a vulnerability, we will not consider your actions as an attack and won’t take any legal action against you.

Any obligations arising out of or in connection with this Bug Bounty Program or its subject matter will be governed by and construed in accordance with the laws of Gibraltar, and the courts of Gibraltar shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this OpenEthereum Bug Bounty Program.

If you have any further questions please contact us at core@openethereum.org, Discord or Twitter.


Marcelo Ruiz de Olano

Written by

Building @OpenEthereumOrg. Nomad researcher. Passionate about anthropology and slow travel.

OpenEthereum

OpenEthereum (ex-Parity client) is the fast, light, and robust client for Ethereum written in Rust.
