Bug Bounty
The reason why the Beta test version was released first is that we must take on the responsibility of safeguarding our users’ assets. We will, through the beta version, conduct a one-week public test before it is officially launched.
Start from: December 18, 2020, 21:00 (UTC+8)
End at: January 7, 2021, 21:00 (UTC+8)
Task: Stake 5 times, 10 ETH each time.
Incentives:The first 200 participants who complete the task will win 10 FIS (ERC20 FIS). Be sure to memorize the test address which will be used to receive the reward.
When you complete the task, please:
1)Forward the related Tweet from StaFi official Twitter account (https://twitter.com/StaFi_Protocol/status/1339561422808739840) with the screenshot of your Staking operations, Staking ETH address (the same as the address in the screenshot).
2)At the same time, please @ three of your friends in the crypto community.
Task: Run the validator node through rEth and obtain more than 0.02 ETH on the Eth 2.0 testnet.
Incentives: The top 100 validators who complete the above task will win 200 FIS (ERC20 FIS). Be sure to memorize the test address which will be used to receive the reward.
Before starting the task, you need to join the StaFi validator test group: .
When the test is completed, Please:
1) Send the deposit ETH address, the pubkey(as shown in the figure below) in the deposit_data*.json file, and @Telegram [email protected] sara8721 in the telegram group.
2) Forward the related Tweet from StaFi official Twitter account (https://twitter.com/StaFi_Protocol/status/1339561422808739840) with the screenshot of your staking dashboard, deposit ETH address, the pubkey (as shown in the figure below) in the deposit_data*.json file;
3) At the same time, please @ three of your friends in the crypto community.
Image for post
For any bug, vulnerability, or details that might need optimization, you are welcome to report through the same channel as that of bug submission. (see below article).
1) Detect bugs in the code, and submit issues with regard to functions and security.
2) Find which portions of the code are to be optimized in terms of performance, security, and cost savings.
- Critical: Abnormal function, ineffective function, or security breach, etc.;
- Moderate: Defects that do not affect the function, non-security issues, such as the room for optimization, performance improvement, etc.;
- Low: Unimportant issues, some minor issues that can be modified during updates, such as modifying text or notes.
Outside the scope of the bounty program
- Repeated reports on security issues, including security issues that have been confirmed by the StaFi team;
- Theoretical security issues without pragmatic application scenarios, or issues that require complex user-interactions.
1 It must be a newly discovered bug(s) that has/have not been reported before
2 The bug(s) found must be related to security issues in StaFi GitHub page code, but not other third-party code;
3 Have not written any codes of StaFi around the bug(s), and have not participated in any process that generated the bug(s) of StaFi in other ways;
4 Public disclosure will make you lose your bounty;
5 The StaFi team reserves the right to make the final decision on eligibility for the event and all rewards.
The bounty will be issued in the form of FIS, and the amount will depend on the severity of the bugs found.
| | | | | |
Almost Certain | $100 | $500 | $1,000 | $5,000 | $25,000 |
Likely | $50 | $100 | $500 | $1,000 | $5,000 |
Possible | $10 | $50 | $100 | $500 | $1,000 |
Unlikely | $10 | $10 | $50 | $100 | $500 |
Almost Possible | $10 | $10 | $10 | $50 | $100 |
| Very Low | Low | Moderate | High | Severe |
In addition to severity, the bounty amount will be determined (but not limited to) by other factors including:
- The accuracy and details of the bug description;
- The quality of reproducibility, such as test code, scripts, and detailed instructions.
When you find bug(s), please send a report to: [email protected]. Please attach your name, email, company name (optional), description of the bug(s), your opinion on what is the potential impact of that bug on StaFi rBridge, and how you discovered that bug.
1. What should I do if I submit a bug but do not hear a reply?
Before publicly publishing the bug(s) you found, we need some time to review and confirm them, and will reply to you as soon as possible. If you haven’t received a reply two weeks after submission, you can send an email to us at: [email protected]
2. In what form is the bounty issued?
The bounty is issued in the form of FIS. In certain areas, you can choose to take payment in USDT. The bounty is usually issued three weeks after the submission is confirmed. According to local legal requirements, you need to provide your identification, usually passport information. In addition, you need to provide your FIS or USDT address.
For participants from the United States, the bounty will be issued in the form of USDT.
If you have more questions, please send an email to us: [email protected]
Last modified 1yr ago