*BOUNTY CLOSED*
THANK YOU FOR YOUR PARTICIPATION

Bounty Scope
This bug bounty's scope covers the TSS Crowdsale Event Contract *only*.
https://github.com/TssCrowdsale/TssCrowdsale
The bounty scope does not include our website or our cloud infrastructure, social media channels, or any other exploit or vulnerability.
Issues already listed at https://github.com/TssCrowdsale/TssCrowdsale/issues are excluded from the bounty.

Bug & Vulnerability Risk Assessment
We are utilising the same framework as the Ethereum Foundation bug bounty scheme. Risk assessment is performed utilising the ‘Open Web Application Security Project’ (OWASP) methodology. This approach determines the severity of a bug as a function of its impact if exploited and likelihood of occurring. So, a bug or vulnerability with high impact and high likelihood would be considered to have a critical severity.

Remuneration/Reward
Amounts are quoted in USD nominal. Rewards for bounties will be issued in TSS tokens. The USD nominal amounts quoted assume that at least US$1 million is raised during the sale. The maximum amount set aside for the bounty is US$5000 issued in TSS tokens.
Note: Up to $5 USD
Low: Up to $50 USD
Medium: Up to $250 USD
High: Up to $1000 USD
Critical: Up to $2500 USD

Determinations of severity will be made in collaboration with the party that submitted the bug; however, the final decision lies with the 5M Holdings security team. The amount received will depend on the quality of the submission.

Submission Method
The quality of the submission is a significant factor in determining remuneration. Bugs must be submitted in the following manner to be eligible for the maximum reward:

Before 6th November:
Submit a Pull Request on the token repo, including a summary of the bug and proposed solution (if any).
Include as many Truffle tests as are required to prove the bug or vulnerability exists.
Submit a summary of the issue to [email protected]

If the sale has begun, bugs or vulnerabilities must NOT be publicly disclosed, as this could pose a security risk. Public disclosure on or after 6th November will disqualify participants from the bug bounty program.

After 6th November (After sale begins):
Submit a report outlining the bug or vulnerability, with accompanying code and Truffle tests as required, to [email protected].

Responsible Use & Disclosure Policy
As outlined above, public disclosure in the form of GitHub Pull Requests is required prior to the pre-sale date. However, once the sale has begun, on 6th November, you must comply with the following conditions. Non-compliance with our disclosure policy may result in legal action.
Reasonable time must be given to allow our security team to investigate the issue, evaluate potential fixes and implement the optimal solution. You must not share the bug or vulnerability with others or publicly announce it until the appropriate fix has been implemented. We will actively communicate progress and inform you when public announcements will be made. Full credit will be given to the discoverer of the bug or vulnerability (if desired) in any article we may write on the topic.
You must act in good faith at all times, and not intentionally cause data loss or disruption to 5M Holdings or others. You must not exploit any bug or vulnerability you identify, for any reason or purpose whatsoever, including attempting to identify additional risks or attack vectors. Doing so is illegal in most jurisdictions, and we reserve the right to initiate civil proceedings for any damage caused that we do not believe was in good faith.

Contact Our Security Team
You can submit bugs or vulnerabilities identified as outlined above under the section ‘Submission Method’. If you have any questions relating to the bug bounty program or wish to make an anonymous submission, please contact [email protected].
In general, we are following the format of the Ethereum Foundation bug bounty program, and most of the rules outlined there apply to the TSS bounty program.

TOKEN SECURITY SCHEME | 5M HOLDINGS