Express TestNet Bug Bounty Program

Pushkarr Vohra
Pandora Finance
Published in
4 min readMar 7, 2022


The Express Protocol Testnet is LIVE! With this launch, we have got one step closer to achieving our grand vision of building a decentralized on-chain protocol.

But before launching the MainNet, we want to ensure the full credibility of the protocol.

Wondering HOW?

We’re launching a bug bounty program to invite tech enthusiasts & developers to test our protocol for any issues or bugs. This program will run for the time period of one month, starting on 7th March 2022 and closing on 8th April 2022.

The total worth of $25,000 PNDR token will be rewarded based on the following severity criteria.

You will be able to claim your token once the campaign has ended and our tech team chooses you as an eligible candidate after precisely evaluating the credibility of all the detected issues. In due course, you have the full liberty to display, transfer, or sell your token however, we would like to encourage you to hold onto your tokens and join us in our journey.

We are elated to reward our Early Supporters once we have touched the supposed milestone. We are committed to empowering our community as well.

Moreover, we would also really appreciate your contribution in providing your valuable feedback where you can share your product ideas or suggestions as well; it is not etched in stone that you only have to find the bugs in the TestNet. We believe feedback is a part of a process and is vital that helps the team optimize the work and motivates them to innovate more.

You can submit your suggestions in the feedback form.

How to participate in the Bug Bounty program?

Hey, developers and tech-enthusiasts, follow the steps mentioned below to participate in the Bug Bounty program:

  • In case you find a bug while using an application, you can raise an issue to be a part of this Bug Bounty program.
  • It is mandatory that the bug has to be reproducible i.e., it is reproducible with the following set of actions.
  • For all the found bugs, you have to go to our Github repository. The Github repository for the same will go live on 7th March.
  • For all the detected bugs create a word document or Google document and attach the file to our Bug Bounty Google Form.
  • Our Technical Team will review and analyze all the submissions to evaluate the credibility of the detected issue and decide the rewards for the following participants accordingly.

Instructions for Bugs Submission

Kindly stay stick to the program authenticity and only submit the issues/bugs related to the scope of this program.

The following things you need to mention in the word document:-

  • The bug is related to what.
  • The severity of the bug i.e., critical, high, medium, low.
  • Kindly mention the priority in which the bug needs to be resolved i.e., high, medium, low.
  • Provide the description of the found bug.
  • Summarize the document
  • Insert the screenshot of the found bug.
  • References or supporting documentation — source code to replicate, if any
  • Provide a detailed description of the impact that the bug made on the protocol if it is not resolved.

Note: Don’t forget to provide access to your word document (if on google docs), otherwise, it will not be considered.

Terms and Conditions

Here are a few terms and conditions to follow to participate in the Bug Bounty program:-

  • The reward will be decided on the level of risk and priority involved in resolving the issue.
  • Follow the submission instruction to ensure your eligibility for participation.
  • In case of duplicated issues, only the first entry would be considered eligible for the reward.
  • Irrelevant bugs and issues will not be considered.
  • Derogatory remarks or attacks against other participants or our employees will lead to immediate disqualification.
  • Participants will get disqualified in case of any denial of service attack.
  • In case of any disclosure of the vulnerability without the consent of the Express team, the participant will be disqualified and would not be able to participate in any future programs.
  • The tech team will only consider those bugs that are not reported publicly.
  • Avoid violation of any privacy policy.
  • Any kind of disruption or hacking of our system will not be tolerated.

Closing Note

We would really appreciate your contribution to perfecting the Testnet by testing it thoroughly and reporting the vulnerabilities you face while using the Protocol. We eagerly want you to test our Express Protocol before we deploy this infrastructure to our Mainnet. The program has officially been initiated and now it is your turn to win rewards in exchange for discovering any flaws. We thank you in advance for your contribution to helping us develop a more comprehensive program.