Raiden Network Token Bug Bounty

The Raiden token auction is scheduled for the coming Wednesday 18th of October. We have had a comprehensive audit of the smart contracts by Jordi Baylina details of which can be found here. We take security seriously, so in this post we would like to outline the Raiden Token Bug Bounty.

Scope of the Bounty

Within scope are only the smart contracts of the auction and the token. Specifically:

• Auction.sol
• Token.sol
• Distributor.sol

Not in scope: The Raiden network itself. Any of the Raiden smart contracts or code located in the Raiden repository. Also the Gnosis wallet contract code is not in the scope of this bounty, but if you find any problems with their code they are running their own bounty.

Duration of the Bounty

The bug bounty will last until the cooldown period has elapsed. Which at the moment of writing means 7 days after the finalizeAuction() transaction is included in a block.

Bounty Rewards

Minor bugs which would cause the auction to fail, but don’t put any of the tokens or ETH at risk will be rewarded with $5,000. For mission critical vulnerabilities that would allow non-trusted 3rd parties to steal funds (either ETH or token), we will reward $50,000. All rewards are paid in RDN after the auction.

Submission Guidelines/Rules

Send your submissions via email to bounty@raiden.network.

Your email should contain as detailed a description of the bug as possible and any supporting documents (source examples) that are needed.

You should also include a single ETH address to which the reward should be sent if your bug is accepted.

Make sure that you do not share your submission publically until we have confirmed it to you, or else you will be disqualified.

Issues will be credited on a first come — first serve basis. Issues already known to us or issues already submitted by another user will not be eligible for rewards.

Issues can be submitted anonymously.

Responsible Disclosure

• Don’t make the details of any vulnerability you find public until after we have confirmed to you that it’s fine to do so.
• Do not try to actively exploit any security issue you find

Final Words

You can find more information on Raiden at our website and information on the auction mechanics in this blogpost. To chat with us about development specific questions visit our gitter channel.

Happy hunting!