Bounty Program new Burn Module

This page describes the Bounty Program for testing BCNAD's new customized module.

BCNAD Token Burning Module Bug Bounty Program

  • Test Network: DEVNET-1

  • Version to Test: BCNAD v3.1.0-rc2

  • Program Start Date: 2024/04/22 00:00 (UTC+2)

  • Program End Date: 2024/05/22 23:59 (UTC+2)

  • Maximum Reward: 1 million BCNA coins

  • Maximum Budget: 2 million BCNA coins

Description:

BitCanna is launching a new token burning module in version v3.1.0-rc2 and we are committed to ensuring the highest quality and security for our application. We invite our community to participate in our bug bounty program. This program is designed to identify and resolve critical vulnerabilities, enhancing the stability of our token burning module before it is implemented on our mainnet. This new module and the testing will occur on the DEVNET-1 test network.

Scope and Eligibility:

  • All bugs reported for the reward program must be based on tests conducted specifically against the new Burn module, not against other legacy elements of the Cosmos-SDK.

  • In the event that bugs are discovered outside the Burn module being evaluated, a private assessment will be conducted. To initiate this, the discovered bugs should be communicated via email to dev@bitcanna.io.

Bug Reporting:

  • Participants must open an "issue" on GitHub with the title: "DEVNET-1 BURN: Problem Description". For Data Corruption & Theft of Funds please don't create a public disclosure, send an email to dev@bitcanna.io.

  • The problem must be described in detail and include convincing evidence to support the claim. A method on how to reproduce the bug, specifically within the Burn module, must be included.

  • To be eligible for the maximum reward, participants must propose a viable solution to the identified problem within the Burn module.

  • Please review the "Conflict Resolution" section below for important guidelines on report submission and reward eligibility.

Evaluation and Triage:

  • The BitCanna Team will evaluate each report using the Common Vulnerability Scoring System (CVSS) method to determine the severity of the problem.

  • Critical software security aspects such as availability, confidentiality, and integrity will be considered.

  • Consult the "Conflict Resolution" section for more details on how reports are prioritized and handled.

Rewards:

The rewards for uncovering vulnerabilities in the BitCanna token burning module will be assigned based on the type and complexity of the detected issue, in addition to the quality of the solution proposed, as per the following examples:

  • SPAM or DoS Attacks:

    • Difficult to exploit: 100,000 BCNA tokens + 100,000 BCNA tokens (if a solution is provided).

    • Easy to exploit: 400,000 BCNA tokens + 100,000 BCNA tokens (if a solution is provided).

  • Data Corruption:

    • Difficult to exploit: 600,000 BCNA tokens + 100,000 BCNA tokens (if a solution is provided).

    • Easy to exploit: 800,000 BCNA tokens + 100,000 BCNA tokens (if a solution is provided).

  • Theft of Funds:

    • Difficult to exploit: 800,000 BCNA tokens + 200,000 BCNA tokens (as máximum if a solution is provided).

    • Easy to exploit: 900,000 BCNA tokens + 200,000 BCNA tokens (as máximum if a solution is provided).

In the event that the total legitimate claims exceed the 2 million BCNA token reward pool, the BitCanna Team reserves the right to proportionally adjust the rewards within each category based on the severity and impact of the vulnerabilities reported. A reserve fund of 200,000 BCNA tokens will be set aside for exceptional cases or to reward exceptionally valuable solutions that substantially exceed standard problem resolutions.

It's important to note that the bonus of 100,000 BCNA tokens for solutions is the maximum additional reward for submissions that propose viable code improvements or fixes directly on GitHub. This bonus is aimed at encouraging substantive contributions that lead to the direct enhancement of the BCNAD token burning module's security and functionality. For a detailed explanation of reward distribution and handling of multiple reports, refer to the "Conflict Resolution" section.

Conflict Resolution:

  • Should there be multiple reports on vulnerabilities that are deemed valid, the reward will be distributed among the contributors based on the severity and impact of each report within its respective category. The distribution will be proportional, ensuring fair compensation for the effort and complexity involved in identifying and potentially resolving the vulnerabilities.

  • In exceptional cases, and at the sole discretion of the BitCanna Team, a larger budget may be allocated for rewards from the reserve fund, especially for solutions that significantly contribute to the security and stability of the BCNAD token burning module.

  • In instances of duplicate or concurrent reports, the timing of the issue's opening and the date of evidence submission on GitHub will play a crucial role in determining the priority for the reward distribution.

General Conditions:

  • Participants must adhere to ethical and legal standards during their research. Any action causing harm to BitCanna, its users, or third parties will result in immediate disqualification from the program.

  • BitCanna reserves the right to modify the terms of the program or cancel it at any time without notice.

  • To be eligible for rewards, participants are required to complete and sign a mandatory KYC (Know Your Customer) form as required by law.

We appreciate all participants in advance for their contributions to making the BitCanna network a safer and more reliable platform.

Last updated