Bug Bounty
Overview
At MultichainZ, we prioritize the security and protection of our users. We are pleased to introduce the MultichainZ Bug Bounty Program (the "Program") for our web3.0 lending protocol. This program encourages community members to contribute by identifying and responsibly disclosing bugs or vulnerabilities. By participating in this Program, you have the opportunity to earn rewards and help enhance the security of MultichainZ.
Rewards will be granted based on the severity of the reported bug, with evaluations and rewards reaching up to USD $250, 000.
The specific scope, terms, and rewards are subject to the discretion of our team ("Team").
Scope:
The Program covers vulnerabilities and bugs found within the MultichainZ lending protocol core repository. This repository is primarily located on GitHub under the MultichainZ organization.
The following items are not within the scope of this Program:
1. Bugs found in third-party contracts or platforms that interact with MultichainZ.
2. Vulnerabilities related to website domains, DNS, or servers.
3. Vulnerabilities already reported or discovered in contracts built by third parties on MultichainZ.
4. Any bugs or vulnerabilities that have already been reported.
The eligibility, scoring, and all other terms related to rewards and their payment are solely determined by the Team.
Eligibility Criteria
To be eligible for a reward under this Program, you must:
1. Discover a previously unreported, non-public vulnerability within the scope of this Program. The vulnerability must be distinct from issues covered in publicly available audits conducted previously.
2. Be the first to disclose the unique vulnerability to the Team, adhering to the disclosure requirements mentioned below. In the case of similar vulnerabilities being reported, the first valid submission will be rewarded.
3. Possess sufficient technical knowledge and provide necessary information to reproduce and fix the vulnerability.
4. Conduct the disclosure of the bug in a lawful manner, without engaging in any unlawful conduct, threats, demands, or coercive tactics.
5. Avoid exploiting the vulnerability in any way, including making it public or using it for personal profit, except for the rewards provided by this Program. Any publicity related to a bug or vulnerability, directly or indirectly, will disqualify the submission and you from the Program.
6. Make a good faith effort to avoid privacy violations, data destruction, interruption, or degradation of the MultichainZ protocol.
7. Submit only one vulnerability per submission, unless you need to chain vulnerabilities to demonstrate their impact. If you want to add additional information to a previously submitted issue, create a new submission and reference the initial report.
8. Do not submit a separate vulnerability caused by an underlying issue for which a reward has already been paid under this Program.
9. Not be a current or former employee, vendor, service provider, or contractor of MultichainZ, nor an employee of any of those vendors or contractors. Additionally, immediate family members (parent, sibling, spouse, or child) or household members of such persons are not eligible.
10. Not be subject to any international, national, or state-level sanctions.
11. Be at least 18 years old, or if younger, obtain the consent of your parent or guardian before submitting a vulnerability.
Disclosure
All discovered vulnerabilities or bugs must be reported to the Team via contact@multichainz.com. The disclosure must occur within 24 hours of discovering the vulnerability. Prior to disclosure, the vulnerability must not have been exploited, publicized, or disclosed to any third party other than the Team. Additionally, the vulnerability should only be disclosed after the bug has been fixed.
It is mandatory to read and comply with the responsible disclosure policy, which can be found in the references. Submissions that do not follow.
Additional Terms
The Company's decisions regarding rewards are conclusive and binding.
When you submit your report, you grant the Company all necessary rights, including intellectual property rights, to validate, mitigate, and disclose the vulnerability. The Company holds sole discretion in determining eligibility for rewards, reward amounts, and payment methods.
The terms and conditions of the Program are subject to modification at any time. The Company reserves the right to modify or terminate the Program for any reason, at its sole discretion.
Last updated