The WINGS Bug Bounty Program
Help and earn rewards up to 5000 WINGS
Calling all security specialists
We are about to finally launch the mainnet version of WINGS and need your peering eyes combing through the code and finding anything that us and our auditing partners might have missed.
The bounty reward is up to 1000 WINGS for issues requiring beta re-deploy, and up to 5000 WINGS for critical issues, all payable in WINGS tokens.
- 500 WINGS: For any severe bugs that don’t require contracts redeploy
- 1,000 WINGS: Any bugs leading to stopping using the current contracts and having to redeploy the new version to the testnet
- 2,500 WINGS reward for bugs allowing any first party to break into their own funds
Example: WINGS tokens owner can transfer the forecast tokens despite them being locked - 5,000 WINGS reward for bugs allowing any 3rd party to access funds
Example: Anyone can transfer the WINGS tokens in the contract
We follow the bounty rules established by Ethereum Foundation: https://bounty.ethereum.org, such as first come, first serve; any reports submitted by others or already known to the team will not be rewarded.
Testnet site
The testnet is accessible on the following address:
Bounty scope
Actual financial losses issues:
- Impossibility of closing a forecast and getting the locked Wings back
- Impossibility of getting deposited Wings during project creation back
- Incorrect calculations of the Ethereum transaction fees
Calculations issues:
- Incorrect calculation and distribution of rewards
- Wrong distribution of project deposit fee (in case of project rejection or cancellation)
- Wrong calculation of FR
Flow issues:
- Deadlock of project
Security issues:
- Vulnerabilities (for example: XSS attack)
Other issues
- Back-end/front-end related issues:
- Incorrect responses from the API
Any other issue that might prevent the correct platform use
Note that some actions could ask for a different gas parameters, so before reporting an issue, test it with a different gas limit
Out of scope:
- Browsers bugs
- Any UX issues on the platform
- Text and grammar
Submission deadline
The bug bounty ends on 11/3/2018.
Responsible Disclosure
We ask you to follow a responsible disclosure:
- Provide reasonable time to resolve any issues you report before making them public or sharing with anyone else
- Avoid violations and disruptions to anyone with the knowledge you gained
- Not exploit the security issue, including for demonstration purposes
Contact
Please send your findings to: bounty@wings.ai, feel free to make the submissions anonymous.
Make sure to include your ETH address for receiving your reward.