With the bug bounty program we want to permit independent researchers to discover and report issues that affect the security, integrity and/or availability of users’ funds in our Dapp and rewards them for being the first to discover a bug.
In order to qualify for the bounty, please send us your bug description and potential patch directly to our Github repository. You must work with us to have it accepted into the repository without reverts for one month. After these prerequisites are met, please submit your claim for the bounty via our claim form.
We ask you to respect the time of your fellow volunteers, and strictly adhere to the coding, testing, and submission standards employed for our project. When notifying us, please include links to all relevant code locations and diffs. Be sure to explain the project-specific benefits offered by the patch.
Rewards for qualifying submissions range from 15,000 NTZ to 1,500,000 NTZ. The final amount is always chosen at the discretion of the Acebusters team and is based on our judgment of the complexity and impact of the patch. The usual reward amounts are:
- Up to 1,500,000 NTZ for complicated, high-impact improvements that almost certainly prevent major vulnerabilities in the affected code.
- 750,000 NTZ for moderately complex patches that offer compelling security benefits.
- 300,000 NTZ for submissions of modest complexity or for ones that offer fairly speculative gains.
- 15,000 NTZ “one-liner special” for trivial improvements that nevertheless have a merit from the security standpoint.