Scrypta launches its first Security & Bug Bounty Program which aims to involve a a developers community to improve the Scrypta dApp Ecosystem and make the infrastructure more efficient and grow together!
A strong projects is not only equipped with many dApps, with many features, and MVPs — it must also have a robust, powerful and secure basement to support the entire ecosystem.
Security issues represent a crucial point of blockchain systems but also one of the strongest requirements for blockchain to be adopted in the others companies and organizations.
To ensure Scrypta Ecosystem is highly secure and robust, we are pleased to launch our Security & Bug Bounty: Scrypta Praetorians Program.
What is the “Scrypta Praetorians Program”?
Scrypta Pretorians Program is a bug bounty launched by the Scrypta Foundation to invites developers from all over the world to help Scrypta in reviewing its code, increase the security level of the entire ecosystem, and earn significant bounties in the process.
In this program, Scrypta will release its development results which is then reviewed and tested by developers, thus maximizing the security of mainnet before it launches.
How Developers Can Review the Scrypta Ecosystem Code?
All released source code is available on Scrypta’s Github page.
From a security standpoint, we encourage developers to evaluate, identify and give us suggestions on one of the following:
1. General Security of Blockchain:
- Flaws of Scrypta’s general user experience
- Flaws of functions and designs
2. Web Security
- Information serialization and de-serialization
- Stability of web connection
3. Security of Transactions
- Security of executing transactions
- Security of ledgers
4. Security of our dApps
- Security of Scrypta ID
- Security of Scrypta Polls System
- Security of Scrypta Manent
- Security of Scrypta Contracts
***IMPORTANT UPDATE [10th July 2019]***
We decided to focus the attention only on the releases marked as “BUG BOUNTY ACTIVE” on our Github (you can find this wording on the main README file of the repo).Therefore only the work performed on the selected releases will be rewarded.
P.s.: a complete list on which the bug bounty is active can be found also in the “pretorian-program” room in our Discord channel .
Risk Levels And Ranges of Bounties:
Risk levels will be divided incrementally as: Critical, High and Low. Bounty rewards will be linked to these risk levels as follows:
Lvl 1 Risk: Critical Bounty: 10000 LYRA
- Potential systematic flaws, including access to server, access to data, access to website administration, transaction manipulations etc.
Lvl 2 Risk: High Bounty: 5000 LYRA
- Potential risks of leaks or manipulation of user accounts: private keys, user’s sensitive information and data etc
- Potential leaks of system’s sensitive information, source code etc
- Risks of having negative impact on transaction speed of main net or loss of crypto assets
Lvl 3 Risk: Medium Bounty: 1000 LYRA
- Risks of being unable to implement transactions
- Leaks of insensitive information of users that may not cause direct loss of assets
Lvl 4 Risk: Low Bounty: 500 LYRA
- Problems of user experience of Scrypta main net
How To Report Bugs Detected:
- Scrypta will review and quickly reply once a developer completes the form and submits: http://tiny.cc/devbounty
- Open an issue on our GitHub profile (on a specific repository)
Please Note: Provide detailed reports with reproducible steps. If there is insufficient detail and we cannot reproduce the issue, the issue will not be eligible for a reward.
Apply now on Typeform! Let’s play!
Rules of Bug Bounty Program:
“Scrypta Praetorians Program” is limited to the latest version of code.
Issues that have already been submitted by another user or are already known to the Scrypta Team are not eligible for bounty rewards
Security optimization should follow the principle of self-realization.
Problems caused by same source should be considered as 1 bug.
Only when the process of “Bug submission — Project verification — Improvements” is completed can a contributor receive the bounties.
Scrypta has the responsibility of publishing its improvements after a bug is detected within 2 weeks.
Any vicious attacks, stealing of user data or abuse of intellectual property in the name of reviewing the code will be investigated by Scrypta Foundation.
Scrypta reserves the right of final interpretation.
SCRYPTA - Adaptive BlockchainWebsite: www.scryptachain.org
Block Explorer: https://chainz.cryptoid.info/lyra
Official Github: https://github.com/scryptachain
Twitter: https://twitter.com/scryptachain
Discord: https://discord.me/scryptachain
Telegram: https://t.me/scryptachain_official
e-mail: info@scryptachain.org
