FAQs for the QuillAudits Bug Bounty Platform
- The QuillAudits Bug Bounty Platform is an initiative that invites independent security researchers and bounty hunters to identify and report security vulnerabilities in our web3 projects. It aims to enhance the security of our decentralized ecosystem through responsible disclosure and ethical participation.
- Participation is open in two ways:
  - Quill Red Team: Members of the Quill Red Team get early access to projects and exclusive opportunities. To join, click here and fill out the form.
  - Independent Researchers: Independent security researchers are also encouraged to participate by clicking here and submitting vulnerability reports.
- Yes, you can participate with an existing Red Team by clicking "Participate" under the specific project being shown. Your participation depends on approval from the Red Team lead.
- To join the Quill Red Team, click here and fill out the form. Keep contributing to the projects, and we will soon reach out to you.
- The scope includes all our web3 projects and related smart contracts. Please review the detailed scope document on our website for specific information.
- All vulnerabilities that impact the security and reliability of our web3 projects are eligible. This includes critical, high, medium, and low-level vulnerabilities.
- Vulnerability reports can be submitted through the official submission form on the QRT Project website or via our Telegram channel. Please include a detailed description, reproducible steps, and potential impact in your report.
- Yes, responsible disclosure is mandatory. Please allow us time to address and fix reported vulnerabilities before any public disclosure.
- Vulnerability reports can be submitted at any point before the Bug Bounty Program's deadline, as specified in the program guidelines.
- Rewards are based on the severity and impact of the reported vulnerability. Critical findings are rewarded more generously, while low-level vulnerabilities receive minor rewards.
- Yes, researchers are encouraged to submit multiple valid vulnerabilities. However, avoid submitting duplicate or trivial reports to ensure fair reward distribution.
- The evaluation process varies depending on the complexity and severity of the reported vulnerability. We strive to process rewards as efficiently as possible and will contact researchers privately for reward details.
- No, publicly disclosing any vulnerability before the end of the Bug Bounty Program is grounds for disqualification from rewards and future participation.
- There is no set limit, and all qualified researchers are welcome to join the Quill Red Team.
- Yes, collaboration with other researchers is encouraged. Sharing knowledge and insights helps foster a cooperative bug-hunting community.
- QuillAudits maintains strict confidentiality for all bug bounty program-related information and communications. Vulnerability reports are shared only with authorized team members.
- Vulnerabilities outside the program's scope are not eligible for rewards. However, we appreciate researchers reporting such findings for future consideration.
- Yes, unauthorized testing methods include exploiting on mainnet, conducting denial of service (DoS) attacks, and any non-technical vulnerability testing.
- Yes, valuable suggestions and best practices fall under the "Informational" category and are recognized and appreciated.
- In addition to the monetary reward, researchers who consistently provide high-quality submissions and demonstrate ethical conduct may be recognized in our Hall of Fame or invited to join our Quill Red Team.
- For any inquiries or support, you can reach out to our team through the dedicated channel on our Discord server or contact the specified point of contact.
Thank you for your interest in the QuillAudits Bug Bounty Platform. We value your commitment to making our decentralized ecosystem more secure.