Bug bounty

Donors who are supporting the Incognito Cash platform will pay for responsibly disclosed bugs and exploits for anyone who reports to [email protected]
Rules:
  • Public disclosure of a vulnerability would make it ineligible for a reward.
  • Interference with or exploitation of the protocol with a vulnerability would make it ineligible for a reward. It is recommended to use fork-mode for testing or demonstrating a vulnerability.
  • Duplicate issues are not eligible for reward.
  • Rewards will vary depending on the severity of the issue. Other variables considered for rewards include: the quality of the issue description, the instructions for reproducibility, and the quality of the fix (if included).
  • The severity of the issues will be based according to the OWASP risk rating model based on Impact and Likelihood.
  • Submissions needs to be related with the Bounty Scope. Submissions out of the Bounty Scope won’t be eligible for a reward.
  • Rewards will be decided on a case by case basis and the bug bounty program, terms, and conditions are at the sole discretion of donors.
Scope:
  • Deployed or candidate deployment contracts at gitlab...
  • Deployed or candidate deployment contracts at gitlab...
Rewards:
The reward will be based on likelihood and severity of the exploit up to the following amounts:
Likelihood
Text
Very low
Low
Moderate
High
Severe
Almost certain
$1,000
$5,000
$10,000
$50,000
$250,000
Likely
$500
$1,000
$5,000
$10,000
$50,000
Possible
$500
$500
$1,000
$5,000
$10,000
Unlikely
$500
$500
$500
$1,000
$5,000
Almost impossible
$500
$500
$500
$500
$1,000
Severity