Bug Bounty Program
Hord offers financial rewards to any security professional for identifying and reporting valid vulnerabilities and exploits on our app and domains.
One of the foundations of decentralized security is community-driven auditing. We encourage you to identify bugs, penetration vectors, front-end vulnerabilities, financial attack vectors, and other issues that may risk or destabilize the network and its operations.
How it Works
To report a potential bug, please fill out the form below with detailed and comprehensive information.
Our team reviews and prioritizes reported bugs and implements fixes accordingly. Please allow us time to correct an issue before making it public.
Rewards
Rewards are proportional to the severity of the reported issue. Upon receipt of the completed form, our development team assigns a severity score to the problem and prioritizes it accordingly.
The assessment of the reported bug will follow the OWASP risk rating model based on the impact and likelihood of the reported issue.
The reward amount per report is determined by the following factors:
- Demonstration of how the issue may be exploited to maximum effect.
- The severity of the issue.
- Issue complexity.
- Reproducibility of the issue.
- Existence of a pull request with a valid fix for the issue.
Below is a list of the approximate maximum amounts distributed, listed by order of bug severity:
- Low: up to 100 USD
- Medium: up to 500 USD
- High: up to 2,000 USD
- Critical: up to 5,000 USD
Stable tokens or an equivalent amount in HORD tokens will be rewarded for valid bug reports. If we find the bug supercritical and the report valid, we might pay even higher amounts.
We encourage you to uncover issues with the following characteristics:
- Contracts: Logic flaws, security issues, financial breaches.
- Contracts: Possible exploits and vulnerabilities, both architecture and implementation.
- Contracts: Upgradability and versions of schema attack vectors.
- API: Exploits, data breaches, leakages, permissions breaches, wrong behavior.
- Hord Protocol: Bugs, vulnerabilities, exploits, security breaches, cryptography errors.
- Front-End: Possible exploit by inserting malicious code, XSS attacks, clickjacking attacks or any vulnerabilities during Web3 interactions.
Eligibility
The first reporter who brings attention to a valid issue will be rewarded. Hord’s team might also choose to reward the first few people signaling the same problem.
We ask and encourage the community to report any bugs, even if they are not eligible for a reward. A better Hord is a win for all of us :)
Process
For security reasons, we might fix the bug even before contacting the reporter.
- Step 1: Fill out the form
- Step 2: Get rewarded