「Open」zkTube Protocol Bug Bounty Program

zkTube Protocol welcomes all the ethical hackers across the globe to participate in the zkTube Protocol Bug Bounty program and collaborate with us in enhancing the security of our infrastructure. While we do our best, sometimes, certain issues escape our attention and may expose our services to certain exploits.

We believe in working with the research community across the globe as it is a crucial part of identifying and mitigating security vulnerabilities in our products and technologies. We understand that this process is both challenging and time-consuming and as such, we incentivize security researchers who report security vulnerabilities in our Testnet and Mining process. This enables us to provide a coordinated response and helps us minimize the risk to our users.

If you have found a vulnerability on our Testnet:

http://rinkeby.zktube.io/

wallet or in our Testnet Mining process
(https://zktube.zendesk.com/hc/en-us/articles/4403222903188-zkTube-Mining-Instruction), please report it to work@zktube.io
Once we've received your report, we'll investigate it and respond to you as soon as possible. We ask you not to discuss any vulnerabilities you have found (including resolved ones) without our express consent.

Participation in the Bug Bounty Program requires you to comply with the policy below.

General Rules

You must be the first to report the issue to us. Only the first reporter is awarded.
Please provide us with the steps to reproduce the issue and enough information so that we can reproduce and verify it. If we are not able to reproduce the issue, it will not be eligible for a reward.
Tests must not violate any law, or compromise any data that is not yours.
If multiple vulnerabilities are caused by one underlying issue it will be awarded as one report.
Please don't use vulnerability testing tools that generate significant volumes of traffic, that may disqualify you from getting a reward.

Rewards

:)Up to $500 in ZKT for critical issues
:)Up to $100 in ZKT for non-critical issues

$50 in ZKT for minor bugs

10 Winners in total

Notes:

Technological bugs only;
Vulnerabilities that are already known and being fixed (such as discovered by our team) are considered out of scope;
The Bounty Program rewards will be distributed uniformly at the current ZKT price after ZKT gets listed on the exchange.

Duration: From 12th August 2021 to the launch of the zkTube Mainnet.

You are always welcome to leave a comment below.

Disclaimer

The Bug Bounty Program is an experimental and discretionary rewards program for our active zkTube community to encourage and reward those who are helping to improve the system. It is not a competition. You should know that we can cancel the program at any time, and awards are at the sole discretion of zkTube Labs. You are responsible for all taxes. All awards are subject to applicable law. Finally, your tests must not violate any law or compromise any data that is not yours.

Issues that have already been submitted by another user or are already known to specifications and client maintainers are not eligible for bounty rewards.
Public disclosure of a vulnerability makes it ineligible for a bounty.

zkTube Labs researchers and employees are not eligible for rewards.

zkTube Bug Bounty Program considers a number of variables in determining rewards. Determinations of eligibility, score and all terms related to an award are at the sole and final discretion of zkTube Labs.