Title: Aelf Bug Bounty up to 1500$ per Bug Post by: khairedineA on October 23, 2019, 09:48:02 AM On Oct 24th, 2019 aelf’s biggest bug bounty will launch with a large reward pool. The event will run for almost 2 weeks, concluding on Tuesday, Nov 5th. This bounty program will revolve around the aelf Enterprise 0.8.0 Beta platform and test tokens. Users can expect to receive between 288–18,888 ELF per bug reported which equates to approximately $1,500 USD (At time of press). This bounty will reward any bugs found specifically around the aelf mainchain and applications currently running on the mainchain, such as wallets, explorers, etc. The rewards provided as compensation for reported bugs will be based upon numerous factors, including the impact of the vulnerability, risk, likelihood of exploitation and quality of report. aelf v0.8.0 Beta (Oct 24th — Nov 5th) Rewards will be broken down into 3 main categories with minimum rewards for each: Major (4,888–18,888 ELF): Stealing or random issuance or distribution of tokens Breaking consensus which could stop a blockchain Destruction of chain management and software upgrade processes Memory leaks and abnormal resource consumption Moderate (1,888–4,888 ELF): Unexpected behavior that occurs in extreme cases Illegal Tx is successfully executed Unexpected behavior after successful Tx execution Single-machine failure that has no effect on consensus General (288–1,888 ELF): Any defect of API in aelf system. aelf External Application (long-term) 100,000 ELF bonus pool Reward amount: 52–888 ELF How to Participate 1️⃣ Receive Your Test Token In order to participate in this bounty you will need to receive the test tokens: https://apply-token-test.aelf.io/ Receive Test Token Tutorial: https://github.com/samjia12/aelfDeveloperCommunity/blob/master/Test%20Token%20Tutorial%20(aelf%20Bug%20Bounty).md 2️⃣ Participate in the testing Find bugs in aelf v0.8.0 Beta Eg: such as contract development, contract deployment, Economic System, transactions, adding sidechains, etc. You can deploy your own blockchain with reference to the documentation and use the blockchain by using api:port/swagger/index.html exposed API or CLI tools. Code to be tested: Main chain: https://github.com/AElfProject/AElf/tree/v0.8.0-beta (v0.8.0-beta) Staging: https://github.com/AElfProject/aelf-boilerplate/tree/master (master) Test network full node: Mainchain: http://13.230.195.6:8000/swagger/index.html Sidechain 1: http://3.112.252.52:8000/swagger/index.html Sidechain 2: http://54.92.109.42:8000/swagger/index.html In addition to the bug reports, we also encourage participants to report on incomplete or ambiguous components of the current documentation. Developer Documentation: https://docs.aelf.io/v/dev/ Find bugs in aelf External Applications For the aelf chain supporting applications: such as blockchain explorer, mobile phone H5 wallet. The scope is as follows: Open Test Websites at https://apply-token-test.aelf.io/ Public test address: https://explorer-test.aelf.io https://wallet-test.aelf.io (only for mobile phone mainchain H5 wallet) 3️⃣ Proposing Bugs/Constructive Feedback and Suggestions Developers can directly raise an issue on aelf’s GitHub, the title should start with: [Community Bug] + bug description. aelf technical team will evaluate bugs and solve them. aelf Github: https://github.com/aelfProject Mainchain: https://github.com/AElfProject/AElf/issues Staging: https://github.com/AElfProject/aelf-boilerplate/issues Explorer: https://github.com/AElfProject/aelf-block-explorer/issues H5 Wallet: https://github.com/AElfProject/aelf-web-wallet/issues For other bugs, please submit an issue in the corresponding codebase. If you can’t find a suitable codebase, please communicate with Sam (@samjia) on Telegram. 4️⃣ aelf Technical Team Review Wait for aelf technical team to review. The main chain bug rewards will be distributed within one week after the end of the event; the long-term bug bounty rewards will be issued within 7 working days after the bug is reviewed by the team. Tips: The scope of bugs award will be assessed by the technical team based on its importance. First come, first served, if you submit a question what the team already know, you will not be rewarded; if we receive a duplicate vulnerability report, we will issue a reward to the first person reporting this vulnerability. The final interpretation of this event belongs to the aelf technical team. |