As we approach the launch of Ethfinex and the Nectar token, we are now running an open bug bounty program for the Ethereum community to analyse our token contracts.
The Nectar token contracts have been published on Github and are available for review here.
Details about token functionality and design rationale can be found in our last blog post, which lays out the Nectar tokens development roadmap, as well as the Nectar token whitepaper.
Bug Bounty Rules
The bounty will follow the standard Ethereum Foundation bug bounty severity classifications, with the ultimate severity up to the discretion of the Ethfinex team.
The following rewards are available for each class of vulnerability:
- Note or Low: Up to 5 ETH;
- Medium: Up to 15 ETH;
- High or Critical: Up to 30 ETH.
Once validated, the bug payouts will go to the first submitter of a specific issue (depending on which category of severity the Ethfinex team judges it to be). Please note only security vulnerabilities or issues which could result in the loss of value (ether or tokens) for the contract or its token holders will be considered inside the scope, as opposed to non-security critical issues such as gas-optimisations or not conforming with current common practices.
Submissions
Any issues should be submitted to [email protected] with a description and instructions on reproducing the attack vector. Quality of the description will influence the level of the bounty within its severity category.