From 0393eb12e61236c6f900ae4690ee2431745bc2bf Mon Sep 17 00:00:00 2001 From: mingda Date: Wed, 5 Aug 2020 17:17:26 +0800 Subject: [PATCH] add bug bounty --- README.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/README.md b/README.md index a247974..d81057c 100644 --- a/README.md +++ b/README.md 
@@ -17,6 +17,31 @@ You could find the audit report [here](https://raw.githubusercontent.com/DODOEX/ You could find all documents and info about DODO [here](https://dodoex.github.io/docs/docs) +## Bug Bounty 💰 + +### Rewards + +Severity of bugs will be assessed under the [CVSS Risk Rating](https://www.first.org/cvss/calculator/3.0) scale, as follows: + + - Critical (9.0-10.0): Up to $50,000 + - High (7.0-8.9): Up to $10,000 + - Medium (4.0-6.9): Up to $2,000 + - Low (0.1-3.9): Up to $1,000 + +In addition to assessing severity, rewards will be considered based on the impact of the discovered vulnerability as well as the level of difficulty in discovering such vulnerability. + +### Disclosure + +Any vulnerability or bug discovered must be reported only to the following email: contact@dodoex.io; must not be disclosed publicly; must not be disclosed to any other person, entity or email address prior to disclosure to the contact@dodoex.io email; and must not be disclosed in any way other than to the contact@dodoex.io email. In addition, disclosure to contact@dodoex.io must be made promptly following discovery of the vulnerability. Please include as much information about the vulnerability as possible, including: + + - The conditions on which reproducing the bug is contingent. + - The steps needed to reproduce the bug or, preferably, a proof of concept. + - The potential implications of the vulnerability being abused. + +A detailed report of a vulnerability increases the likelihood of a reward and may increase the reward amount. + +Anyone who reports a unique, previously-unreported vulnerability that results in a change to the code or a configuration change and who keeps such vulnerability confidential until it has been resolved by our engineers will be recognized publicly for their contribution, if agreed. + ## Contact Us Send E-mail to contact@dodoex.io \ No newline at end of file
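Review bot: The new Disclosure section sends reports, including reproduction steps or a proof of concept, to contact@dodoex.io, which is the same address the existing "Contact Us" section gives for general mail, and it offers no encrypted channel. Consider a dedicated security address and a published PGP key, so details of unpatched bugs are not mailed in cleartext to the general contact inbox. In the Rewards section, the severity bands do not say which contracts, repositories or deployments are in scope, so a reporter cannot tell whether a finding is eligible. The link text reads "CVSS Risk Rating" while the URL points at the 3.0 calculator; naming the version in the text would keep scoring unambiguous. The first sentence under Disclosure states the same restriction in four overlapping clauses and would be easier to follow as one short rule: report only to the listed address and do not disclose elsewhere until resolved.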