Shield Testnet 2nd Bug Bounty Program

Hello Shielders!

Welcome to Shield Testnet Bug Bounty Program. The core of this program is “every bug counts,” and we are calling out to our community to find any bugs or vulnerabilities on any aspects of the protocol. Security is undoubtedly one of our top priorities, and during the testnet, the Shield team has partnered with two leading security companies — Peckshield and Slowmist to audit the code.

We will appreciate your efforts in contract security and any user experience. The level of severity and the reward for each submission will be evaluated on a case-by-case basis and will be solely at the discretion of the Shield team. Eligible participants will be rewarded in SLD based on the severity scheme, which is as follows:

Scope

The bug bounty covers the following aspects from the latest commit on the branch of this repository:

Critical:

Payout Range: 10,000~50,000 USDT

Examples:

- Steal assets from the system

- Permanent impairment of the protocol state

High:

Payout Range: 10,000~50,000 USDT

Examples:

- Price manipulation to cause cascading liquidation

Medium:

Payout Range: 5,000~10,000 USDT

Examples:

- Manipulate or compromise price discovery

Low:

Payout Range: under 5,000 USDT

Examples:

  • User dissatisfaction
  • UI & UE
  • Product interface
  • Trading pair

Submit a Bug

You can submit a bug by filling out this form (Shield Bug Bounty Submit Form — Google ). Please elaborate on the bugs as clearly as possible and in a detailed manner. We will reveal the application once we get it.

Time Period:

June 24, 2021 — July 10, 2021

Rules

1) A tester shouldn’t abuse the DOS/Ddos vulnerabilities or participate in social engineering attacks, spam, and phishing attacks

2) Issues that have already been submitted by another user or are already known to the Shield team are not eligible for bounty rewards.

3) Refrain from the use of automatic scanners and other actions which create a large number of traffic requests

4) Do not impact other users with your testing. This includes testing for vulnerabilities in accounts you do not own.

5) The Bug bounty program considers several variables in determining rewards. Determination of eligibility, score, and all terms related to an award is at the sole and final discretion of the bug bounty panel.

All Social Links| Telegram |Discord | Blog | Twitter | Website