With our start time for the v0.1 contribution period less than a week away and the security audits close behind us (thanks to Ahmad Ali, Adam Dossa, and especially Jordi Baylina whose excellent writeup can be found here), we’re moving into the final phase of securing our district0x Network Token Smart Contracts.
We’re introducing a bug bounty program covering all district0x Network Token smart contracts, with bounties of up to $20,000 (paid in ETH) for the most severe vulnerabilities found. You can submit your findings to the issue board https://github.com/district0x/district0x-network-token/issues.When:
The bug bounty program starts as soon as this post is live, and all future reports will be reviewed and compensated if necessary as per the terms below. The bounty period will conclude when the contribution period closes (more details on those conditions here).Rules: Duplicate issues will not be eligible for bounties. All reports are scored on a first-come first-serve basis. district0x team members, auditors, and any other party paid by the district0x are not eligible for bounties. High quality reports including steps for reproduction as well as a vulnerability fix and a working test that demonstrates the failing and passing case will be awarded larger bounties. Reports are determined for eligibility, scored, and awarded at the sole and final discretion of the district0x team. Any reports which do not follow our responsible disclosure policy outlined below will be subject to disqualification. Responsible Disclosure Policy
In order to protect our network and participants from malicious entries in this program, we ask the following:No vulnerability found at any time is exploited for any reason, including demonstrations of the vulnerability for the purposes of the report. You protect the privacy, data, and service integrity of other individuals and services with best effort...