From July 10 - Sept 30
BACKGROUND
As a public chain aiming to create a secure and trusted environment for telecom services, the security of private information and user data has always been at the core of QLC Chain services. As part of the commitment, Confidant, a secure and trusted communication platform now invites developers and security researchers to help protect Confidant and its users by identifying bugs and security vulnerabilities via this Bug Bounty Program.
BUG REPORTING PROCESS
When reporting bugs, there will be some information required for bugs description and reward distribution. Please send the information as listed below:
~ Your name ~
~ Your nep-5 wallet public address for receiving rewards ~
~ Your email address ~
~ Specific type of bug ~
~ Detailed steps needed to reproduce the issue ~
~ If it is a vulnerability issue, have a description of the risk and possible exploits ~
~ How is this issue different from what is expected ~
If you wish to stay anonymous, either contact us with a throw away account or let us know that you do not want to be named.
RULES AND REWARDS
Confidant Bug Bounty Program welcomes both security vulnerability and general bug reports. All the reported issues will be evaluated based on their severity and security impact on the product and its users.
Rewards shall be distributed in either BTC or QLC.
Your bug reports will be rated based on the severity and its impact on Confidant performance and its user experience.
AWARDING PROCESS
QLC Chain team will evaluate all valid bug submissions that are accepted and then reach out to inform the submitter. Reward distribution will be completed once the team has accepted the bugs.
IN SCOPE
Confidant app download links
Confidant trial account for developers and security researchers - please access here
QLC Chain developer community always aims to tap into the potential of the community to contribute to a more stable, secured and prosperous QLC Chain ecosystem.
QLC Chain may award a lucrative reward bonus for exceptional reports. The decision will be made at QLC Chain team’s discretion.
TERMS AND CONDITIONS
While participating Bug Bounty Program, you must refrain from
~ Attacks against Confidant infrastructure ~
~ Social engineering and physical attacks ~
~ Distributed Denial of Service attacks that require large volumes of data ~
~ Provisioning and/or usability issues ~
~ Violations of licenses or other restrictions applicable to any vendor's product ~
~ Security bugs in third-party products or websites that are not under QLC Chain team's direct control ~
~ Vulnerabilities that are a result of malware ~
~ Theoretical security issues with no realistic exploit scenario(s) or attack surfaces, or issues that would require complex end user interactions to be exploited, may be excluded ~
~ Issues determined to be low impact may be excluded ~
~ In addition, the submitter must not be the author of the code with the vulnerability ~
Vulnerabilities that are disclosed to any party other than QLC Chain Team, including vulnerability brokers, will not qualify for Bug Bounty reward. This includes both full public disclosure and limited private release.
