Announcing the XSPO bug bounty program

Today we are announcing the launch of the Xfinite Staking Program Offering (XSPO) bug bounty program for anyone and everyone interested in helping us build our native staking platform.

We have always wanted to set up an incentivized vulnerability disclosure program for our community. We can’t think of a better place to start than with XSPO.

About XSPO

XSPO is a unique Xfinite project. We realized that a native staking platform would help all stakeholders involved in a multi-year project like this.

The mission of XSPO is to bring all staking initiatives, mechanisms, and experiments of Xfinite under one umbrella. We have dedicated 11.25% of the entire ‘Staking Intiatives’ supply for the staking and we expect XSPO to make a major portion of this.

The XSPO product has already undergone a thorough auditing process.

The certificate is given below and you can access the full report here: https://drive.google.com/file/d/1xp5xkxAeLtZn_fPj9fQbFvtZIkhodtrV/view

About the bug bounty program

First off here are the key details for all the bounty hunters

1. Duration: The program will be from 11th October 2022 to 10th November 2022. This includes the identification of bugs, validation, reproduction, and resolution. The payout will be made after the 10th of November. We will stay in touch with all winners through our official Discord and Telegram channels.
2. Rewards: There will be 5 tiers of rewards where bounty hunters will be rewarded based on the identified bug's severity. The final reward amount is based on the total number of points earned per person.
3. Doubts and answers: The main recourse for resolving any doubts will be through our community channels, however, there will also be one community call on Discord with our lead developer. The date and time for the same will be announced soon.

How to participate

We will only take up valid reviewers who have shared the details needed on the form link below:

XSPO Bug Bounty Participation Form link: https://forms.gle/aa4TJCJFyHLgBWqA9

The review process is shared below

1. Minor-level issues like typos, browser issues, or content overlapping will be considered under Low Section.
2. After submitting each Report, Dev Team will review the Report and assign the Points according to the impact of the Bug.
3. If there is a high impact on the Economy of the application, then those bugs will be considered under the Critical Section.
4. The Urgent Section will consider compromises of user security or the application data accessibility.
5. The High Section will consider application Logic Errors, Network Errors, and Security Breaches.
6. Unresponsive pages, inaccessibility of the staking function, or any things related to application functionalities will be considered under Moderate Section.
7. Minor-level issues like typos, browser issues, or content overlapping Will be considered under Low Section.
8. Once the report is submitted, Dev Team will allocate the points in 72 hours.
9. If the issue is reported in duplicate, it will be allocated zero points.
10. All the points per user will be aggregated, and the rewards will be distributed after completing the Bug Bounty Program.

Please refer to the Bug Bounty program guide on the link below to understand what’s within scope, outside scope, and other details.

XSPO Bug Bount Program Guide https://drive.google.com/file/d/1wYFkBKBwZWPysymqc3eK1-h1FBr14nDe/view?usp=sharing

Lastly

We hope you’re excited to launch a product we have been working on for some time, together!

This is also our first Bug Bounty program so please let us know what we can do better as you make your way through the program.