Starfleet bug bounty update

OriginTrail
Feb 10 · 3 min read

TLDR: The staking website is open for bounty at https://staking-staging.origintrail.io/. See instructions for how to participate below:

Since being announced in our blog post on January 6th, the Starfleet bug bounty program has already received several valuable contributions from bounty hunters on the staking smart contract. Following on from this success, as of today we are opening up the Staking Interface for testing and for contributions from bounty hunters!

What is the Staking Interface?

The Staking Interface is the dApp which will be used by those boarding Starfleet to interact with the Starfleet staking smart contract deployed on Ethereum. The dApp is similar to the likes of Uniswap: it allows users to connect their wallets through Metamask and performs two transactions with the Starfleet staking smart contract. The first transaction is the approval transaction on the token contract, and the second is the depositTokens transaction on the Staking contract. Both of these transactions can also be made without the interface; however, the interface is intended to make the user experience smoother and more informative.

The interface available for bounty is not the production interface. It is the staging version, connected to the Ethereum Rinkeby testnet (where a copy of the staking contract has been deployed). Some of the content is intentionally left incomplete (lorem ipsum texts); as this is a non-issue, it is not eligible for bounty.

In order to test the interface, you will need ATRAC test tokens, which can be obtained from team members via a dedicated #starfleet-bug-bounty-hunters channel in OriginTrail Discord Tech Chat.

The bug bounty for the Staking Interface is open until Tuesday, February 16th, 23:59 UTC.

Rewards

The bug bounty rewards are:

  • Low severity bugs: ~ 1000 TRAC
  • Medium severity bugs: ~ 5000 TRAC
  • High severity bugs: ~ 25000 TRAC

Bug bounty instructions

The following bug bounty rules apply to all of the above-listed projects:

  • First come, first served
  • Issues that have already been submitted by another person are not eligible for bounty rewards
  • Public disclosure of a vulnerability makes it ineligible for the bounty reward
  • Hired auditors are not eligible for rewards
  • Determination of eligibility, score, and all terms related to the reward is at the sole and final discretion of OriginTrail core developers
  • In addition to bug severity, the core developers will also consider the following information to determine the rewards:
      • Quality of description: higher rewards are paid for clear, well-written submissions.
      • Reproducibility: please include test code, scripts, or detailed instructions.
      • Quality of fix, if included: higher rewards will be paid for submissions with a clear description of how to fix the issue.

All bug bounty submissions are to be sent EXCLUSIVELY via email to bounty@tracelabs.io

Please ensure that you are not harming any data present on our servers while testing. We will not take any legal action against you unless you are harming, changing, removing, or deleting any data.

We urge bounty hunters to:

  • Give the team a reasonable amount of time to resolve any submitted vulnerabilities.
  • Not use any channel other than the provided email address to submit vulnerabilities.
  • Not damage OriginTrail and its stakeholders or disclose any data in the process of discovery.

Anyone interested in participating in the Starfleet bug bounty campaign should read the following relevant blog posts:

Happy bounty hunting, Tracers!

LEGAL NOTICE

We cannot issue rewards to individuals on sanctions lists or those in countries on sanctions lists. You are responsible for any tax implications depending on your country of residency and citizenship. There may be additional restrictions depending on your local law.

This is a discretionary rewards program. We can cancel the program at any time and the decision to pay a reward is entirely at OriginTrail core developers’ discretion.

Your testing must not violate any law, or disrupt or compromise any data that is not your own. To avoid potential conflicts of interest, we will not grant rewards to OriginTrail core developers and contractors.

OriginTrail

OriginTrail is an ecosystem dedicated to making supply chains work together since 2011, contributing to a more transparent, fair, and trusted global supply chain.
