Bridge Bug Bounty
I. Introduction
II. Scopes & Rules
III. Rewards
IV. How to participate?
I. Introduction
We are excited to announce a bounty program with a prize pool of $15,000 USD worth of mainnet $UCO for individuals who can identify bugs related to the Archethic Bridge. We invite developers, testers, and tech enthusiasts to participate and help us enhance the security and efficiency of our system.
II. Scopes & Rules
Participants are encouraged to focus on the following areas:
- Bridge Testnet (Front) - We are particularly interested in vulnerabilities that could potentially affect the performance or security of our bridge testnet.
- Blockchain Wallet (Signature TX - Interaction with DApp) - Identify issues in the transaction signatures and interactions with decentralized applications.
- Smart Contracts EVM - We’re looking for bugs in our Ethereum Virtual Machine smart contracts that could compromise their integrity.
- Smart Contracts AE - Spot and report any vulnerabilities in the Archethic Smart Contracts.
The following areas are not included in this bounty program:
- User Interface (UI)
- User Experience (UX)
- Translation / Typos
- Dead Links
- Documentation
- Problems on external blockchains : Ethereum, Polygon, BNB Chain (excluding EVM smart contracts)
III. Rewards
Participants will be rewarded in mainnet $UCO for each valid bug discovered, with the reward amounts varying depending on the severity of the bugs.
We have defined specific categories of bugs as follows:
Minor
- Preventing an individual from using the bridge.
- Bypassing or evading fees.
Major
- Preventing everyone from using the bridge.
- Blocking an HTLC, resulting in the loss of funds for an individual.
Critical
- Retrieving funds without a counterpart in HTLC.
- Accessing the funds of pools.
- Preventing or making it impossible to refund a contract.
- Man-in-the-middle attacks involving HTTPS validation.
- Creating value, such as minting assets.
- Blocking all HTLCs, leading to a loss of funds for everyone.
*Those are only examples, this list is non-exhaustive
The rewards will be distributed after our team reviews and validates the reported bugs. We strive to ensure that the rewards commensurate with the impact and severity of the identified bugs. Through your valuable contributions, we aim to achieve heightened security and functionality for the Archethic Bridge, safeguarding the interests of all users.
Important Disclaimer : Rewards will be distributed in mainnet $UCO.
IV. How to Participate
To join the bounty program, follow the steps outlined below:
- Review the scopes and rules to understand the focus areas and guidelines.
- Identify bugs or vulnerabilities within the defined areas.
- Report the bugs with detailed information: On Github / On Google Form
- Wait for our team to review and validate the submitted bugs.
- Earn rewards based on the severity of the validated bugs.
We are looking forward to your participation and contributions in making the Archethic Bridge more secure and efficient.
Together, we can achieve a higher standard of blockchain technology, ensuring reliability and trust for all users.
Archethic Public Blockchain
Archethic is a Layer 1 bringing web3 at your fingertips.
Its blockchain infrastructure is the most scalable, secure & energy-efficient solution on the market thanks to the implementation of a new consensus: "ARCH".
Archethic smart contracts expand developers' boundaries by introducing internal oracle, time-triggers, editable content & interpreted language.
Through native integration for DeFi, NFTs & decentralized identity; Archethic offers an inclusive and interoperable ecosystem for all blockchains.
In order to achieve the long-term vision of an autonomous network in the hands of the world population, we developed a biometric device respecting personal data privacy (GDPR compliant).
Making the blockchain world accessible with the tip of a finger. Be the only key! https://www.archethic.net/
Do you want to learn more?
White Paper
Yellow Paper
Wiki