The BitPool Bug Bounty Program is designed to reward security researchers and community members for responsibly identifying and reporting potential security vulnerabilities and bugs within the BitPool platform. The program aims to enhance the security and stability of BitPool by encouraging the community to actively participate in identifying and addressing security issues.
Rewards and Recognition:
- Rewards will be given in BITP tokens based on the severity and impact of the reported bug.
- The severity levels and corresponding rewards will be categorized as follows:
- Critical: Up to 5,000 BITP tokens
- High: Up to 3,000 BITP tokens
- Medium: Up to 2,000 BITP tokens
- Low: Up to 1,000 BITP tokens
- The Bug Bounty Program will also provide recognition for researchers who consistently contribute positively to the security of the platform.
- The Bug Bounty Program is open to all individuals and security researchers.
- The researchers must adhere to the program’s terms and conditions, including responsible disclosure.
The Bug Bounty Program covers security vulnerabilities and bugs related to the BitPool platform, including but not limited to:
- Authentication and authorization issues
- Cross-Site Scripting (XSS) vulnerabilities
- Cross-Site Request Forgery (CSRF) vulnerabilities
- Remote Code Execution (RCE) vulnerabilities
- SQL injection vulnerabilities
- Information disclosure issues
- Denial of Service (DoS) attacks
- Privilege escalation vulnerabilities
- Security misconfigurations
- GamePlay issues that have not previously been reported
Out of Scope:
The following issues are considered out of scope for the Bug Bounty Program:
- Any vulnerabilities or bugs in third-party applications and services integrated with BitPool.
- Vulnerabilities that have already been reported and are in the process of being fixed.
- Social engineering or phishing attacks against BitPool users.
- Spam or Distributed Denial of Service (DDoS) attacks.
- Issues related to outdated browsers or plugins.
- Researchers must provide clear and detailed reports of the vulnerability or bug, including steps to reproduce, potential impact, and possible mitigation.
- Reports must be submitted via the official Bug Bounty Program submission form or email.
- Researchers must not disclose the reported vulnerability to any unauthorized parties until it has been resolved.
- Researchers must comply with the responsible disclosure policy and allow a reasonable amount of time for BitPool to address and fix the reported vulnerability before any public disclosure.
Legal Safe Harbor:
BitPool will not pursue legal action against researchers who make a good faith effort to comply with the Bug Bounty Program’s terms and conditions and adhere to the responsible disclosure policy.
The Bug Bounty Program will be managed by the BitPool security team, who will assess the validity and severity of reported vulnerabilities and determine appropriate rewards.
BitPool reserves the right to modify the Bug Bounty Program framework, rewards, and scope at any time. Researchers are encouraged to regularly check the official Bug Bounty Program page for any updates.
For any inquiries or to submit bug reports, please use the following contact methods:
- Email: email@example.com
- Submission Form: https://play.bitpool.gg/bug
Together, let’s build a secure and robust BitPool platform! Happy bug hunting!