Spores’ Marketplace Testnet & Bug Bounty Program
Community Space
The Spores Testnet is finally here!!!
Our team has been working very hard and we’re excited to finally be able to give our community members a preview of Spores marketplace.
This announcement is also an invitation for you to be a part of our testing phase. Our Testnet will feature the following:
- First look at our highly anticipated marketplace
- Live features: Auction, Explore, Minting, Connect Wallet, etc.
In addition, as part of Spores’ commitment to ensure that the marketplace is safe and free of bugs for all users involved in our ecosystem, we decide to conduct the Bug Bounty Program for the Testnet: http://testnet.spores.app/ with the total prize pool of up to USD 5,000.
The Bug Bounty Program is designed to not only engage users to find bugs and imperfections but also to encourage our community to protect the work of creators on our marketplace. If there is any bug in our system, please submit the report to us via filling the form: https://spores.link/2Vcvw4w and receive the reward (if qualified).
Bug Bounty Program Timeline
From now to 23:59, 16th August (UTC)
Types of Bugs
We are looking for these below kinds of bugs on our testnet:
Low Bugs
- Open Redirect on Sensitive Parameter
- Improper Direct Object Reference (IDOR)
- Open Redirect
Medium Bugs
- Authorization flow
- SQL Injection
- Authorization Flaw
- Sensitive Data Exposure
- Server-Side Request Forgery (SSRF)
- UI/UX (visual inconsistencies or functional issues)
High Bugs
- Remote Code Execution (RCE)
- Remote File Inclusion (RFI)
- Significant Authentication Bypass
Out of Scope
In the interest of the safety of our users, unsafe test types such as the following are excluded from scope and not eligible for a reward:
- Attacks that the hunter has identified and exploited, leading to damages
- Disclosure of Software version
- Publicly accessible login panels
- Email Spoofing
- Phishing attacks
- Social engineering attacks
- Physical security tests
- DoS / DDoS
- Phishing
- Malicious software/extensions
- Disclosure of non-sensitive information, such as product/framework version
- ID enumeration (such as user, design, folder, etc) without any further impact
- Disclosure of users information that is publicly available
- Insecure cookie settings for non-sensitive cookies
- Functional and spelling mistakes
- Reports based on product/protocol version without a proof of concept of exploiting the vulnerability
Reward Mechanism
For each bug found and successful submission at https://spores.link/2Vcvw4w, you’ll be rewarded tokens based on:
- The Severity of Bug (Main Criteria)
- Quality of description: Higher rewards are paid for clear, well-written submissions.
- Quality of reproducibility: Please include test code, scripts, and detailed instructions. The easier it is for us to reproduce and verify the vulnerability, the higher the reward.
- Quality of fix, if included: Higher rewards are paid for submissions with a clear description of how to fix the issue.
Note: Two weeks after the deadline of the program, Spores Network Team will send you a verification confirmation (if qualified).
Prize Structure
Total Prize Pool: $SPO Token Value = $5,000
- Low Bug — Total $SPO Token Value = $500*
- Medium Bug — Total $SPO Token Value = $1500*
- High Bug — Total $SPO Token Value = $3000*
* Note: All bounty rewards are to be paid within 2 weeks after the bug report is verified by our team. Rewards will be paid in $SPO and the team’s decision is final. The number of Tokens users may receive will be based on the average rate during the bug bounty period
Bug hunting rules
- The bug bounty program is an experimental and discretionary rewards program for Spores’ active members to encourage and reward those who are helping to improve the platform. It is not a competition. You should know that we can cancel the program at any time, and awards are at the sole discretion of the Spores Network bug bounty panel. In addition, we are not able to issue awards to individuals who are on sanctions lists or who are in countries on sanctions lists. You are responsible for all taxes. All awards are subject to applicable law. Finally, your testing must not violate any law or compromise any data that is not yours.
- Testing is only authorized on http://testnet.spores.app/
- Any/all subdomains not listed above are out of scope. If you believe you’ve identified a vulnerability on a system outside the scope, please reach out to support@spores.com before submitting.
- Issues that have already been submitted by another user or are already known to spec and client maintainers are not eligible for bounty rewards.
- Public disclosure of a vulnerability makes it ineligible for a bounty.
- Spores’ Team members are not eligible for rewards.
- Spores considers a number of variables in determining rewards. Determinations of eligibility, score, and all terms related to an award are at the sole and final discretion of the Spores Network bug bounty panel.
About Spores
Spores Network founders believe that crypto will lead to decentralization of ownership and frictionless redistribution of capital. Their mission is to create an NFT ecosystem that is creator-centric, community-driven, frictionless, and borderless. To that end, Spores has built a cross-chain DeFi-powered NFT marketplace defining decentralized pop culture, sharing NFT content across gaming, esports, animation/anime, digital fine arts, music, and film/TV. Spores co-founders include Duc Luu (Nasdaq IPOed serial entrepreneur ), Eric Hung Nguyen (former senior investment analyst at a top-10-worldwide hedge fund), and a diverse team of advisors across blockchain and entertainment.
Join our collective. Tell your story. Share our vision, at Spores Official!
Follow us on our Social Media: Twitter | LinkedIn | Facebook |Instagram | Pinterest | YouTube |Chat to us on Telegram or get updates on Telegram Ann
International Telegram Chat groups: Spanish | Portuguese | Russian | Turkish | Japanese | Korean | Chinese | Vietnamese |Filipino
