Dido Ma
Dido Ma
Jul 9 · 3 min read

— accept security vulnerabilities and non-security bugs

Program Time: July 10 — Sept 30

Submissions shall be sent to:

qlc.hackathon@protonmail.com

PGP Fingerprint: 5962280664e521bd2574e5df46a64c0c403b258d

Confidant app download link and source code:

Android download Android Github

iOS download iOS Github

Start off from a Confidant trial account:

cryptosophies.com/qlc-bug-bounty/

Background

As a public chain aiming to create a secure and trusted environment for telecom services, the security of private information and user data has always been at the core of QLC Chain services. As part of the commitment, Confidant, a secure and trusted communication platform now invites developers and security researchers to help protect Confidant and its users by identifying bugs and security vulnerabilities via this Bug Bounty Program.

Bug Reporting Process

When reporting bugs, there will be some information required for bugs description and reward distribution. Please send the information as listed below to qlc.hackathon@protonmail.com. A submission portal is in process and will be available on QLC Chain website soon.

  • Your name
  • Your nep-5 wallet public address for receiving rewards.
  • Your email address for contacting us
  • Specific type of bug
  • Detailed steps needed to reproduce the issue
  • If it is a vulnerability issue, have a description of the risk and possible exploits
  • How is this issue different from what is expected

If you wish to stay anonymous, either contact us with a throw away email address or let us know that you do not want to be named.

Rules and rewards

Confidant Bug Bounty Program welcomes both security vulnerability and general bug reports. All the reported issues will be evaluated based on their severity and security impact on the product and its users.

Rewards shall be distributed in either BTC or QLC.

Security Vulnerabilities Classifications and Rewards

Your bug reports will be rated based on the severity and its impact on Confidant performance and its user experience.

Non-security Classifications and Rewards

QLC Chain developer community always aims to tap into the potential of the community to contribute to a more stable, secured and prosperous QLC Chain ecosystem. As such QLC Chain may award a lucrative reward bonus for exceptional bug finders. The decision will be made at QLC Chain team’s discretion .

Awarding Process

QLC Chain team will evaluate all valid bug submissions that are accepted and then reach out to inform the submitter. Reward distribution will be completed once o a acceptance of the bugs.

In scope

Confidant Station and Confidant app for Android and iOS.

Confidant app download link and source code:

Android download Android Github

iOS download iOS Github

Confidant trial account for developers and security researchers — please access here:

cryptosophies.com/qlc-bug-bounty/

Terms and Conditions

  • While participating Bug Bounty Program, you must refrain from
  • Attacks against Confidant infrastructure
  • Social engineering and physical attacks
  • Distributed Denial of Service attacks that require large volumes of data
  • Provisioning and/or usability issues
  • Violations of licenses or other restrictions applicable to any vendor’s product
  • Security bugs in third-party products or websites that are not under QLC Chain team’s direct control
  • Vulnerabilities that are a result of malware
  • Theoretical security issues with no realistic exploit scenario(s) or attack surfaces, or issues that would require complex end user interactions to be exploited, may be excluded
  • Issues determined to be low impact may be excluded
  • In addition, the submitter must NOT be the author of the code with the vulnerability

Vulnerabilities that are disclosed to any party other than QLC Chain Team, including vulnerability brokers, will not qualify for Bug Bounty reward. This includes both full public disclosure and limited private release.

QLC Chain

QLC Chain is the first public chain for decentralised network. The QLC Chain and supporting ecosystem will enable any individual, business or organization to leveraged the infrastructure and their mobile network resources to become a network service provider.

Dido Ma

Written by

Dido Ma

QLC Chain

QLC Chain

QLC Chain is the first public chain for decentralised network. The QLC Chain and supporting ecosystem will enable any individual, business or organization to leveraged the infrastructure and their mobile network resources to become a network service provider.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade