Greetings from the QRT Bug Bounty Platform!
We are thrilled to open our doors to independent security researchers and bounty hunters as we jointly endeavour to bolster the security of our suite of web3 projects.
We recognize that your wealth of knowledge and expertise is integral to ensuring the steadfast safety and unfaltering reliability of our decentralized ecosystem. To facilitate an efficient and effective bounty-hunting experience, we have compiled the following comprehensive guidelines:
- Platform Scope: The QRT Bug Bounty Platform is all-encompassing, including every one of our web3 projects and associated smart contracts. Each project presents a unique challenge, allowing bounty hunters to employ their diverse skill sets. For a meticulous description of the areas and aspects covered, we encourage you to examine the detailed scope document housed on our website.
- Eligibility for Participation: Our platform is an inviting arena for all independent security researchers and bounty hunters seeking to employ and improve their skills. However, we respectfully draw the line at employees and affiliates of QuillAudits - their participation is deemed ineligible.
- Principle of Responsible Disclosure: We firmly believe in and uphold responsible disclosure practices. We request you to exercise patience and professionalism by not disclosing any vulnerabilities publicly until we've had the opportunity to remediate them. This precaution ensures the security of all users and the integrity of our projects.
- Legal Compliance and Ethical Testing: All testing activities must strictly adhere to relevant local and international laws and regulations. Unauthorized access, manipulation, or misuse of user data is strictly prohibited. Please note that ethical hacking principles should guide all activities on our platform.
- Vulnerability Reporting Process: We have put in place an efficient system to report vulnerabilities via our Bug Bounty platform or our dedicated Telegram channel. Reports should be as detailed as possible, including a full description of the issue, explicit steps to reproduce the problem, and an evaluation of the potential impact. This comprehensive information aids our team in replicating and addressing the issue promptly.
- Reward Distribution: Our bounty rewards system is designed to reflect the severity and the potential impact of the discovered vulnerabilities. We ensure a proportionate reward, with critical findings receiving the highest remuneration. For more granular details about the bounty payout structure, you are requested to visit the respective project page.
- Out-of-Scope Vulnerabilities: Certain types of vulnerabilities fall outside the purview of this platform. These include but are not limited to, Denial of Service (DoS) attacks, social engineering tactics, physical attacks, and issues associated with third-party services. We urge researchers to focus on in-scope vulnerabilities to make the most out of their efforts.
- Confidentiality Agreement: It is of utmost importance that all communications and findings are treated with strict confidentiality. Any information regarding the vulnerabilities should not be shared with third parties. This respect for privacy ensures a secure environment for all users and preserves the integrity of our projects.
- Ownership and Usage of Findings: While you maintain ownership of your findings, QuillAudits secures a non-exclusive, perpetual license to utilize your discoveries for the purposes of enhancing security and implementing necessary improvements. We believe this approach strikes a balance between recognizing your work and allowing us to build a safer platform.
- Legal Disclaimer: Please note that QuillAudits reserves the right to modify the Bug Bounty Platform or the guidelines as necessary. Participation in our platform is entirely voluntary and undertaken at your own risk.
- Code of Conduct: Respect and professional conduct are paramount in our platform. We implore you to avoid any malicious activities and to uphold the values of our community. Any violations of the code of conduct will, unfortunately, result in immediate disqualification from the program.
- Communication Channels: We understand the importance of open lines of communication. For any inquiries, suggestions, or concerns about the Bug Bounty Platform, please don't hesitate to contact us on Telegram.
Your participation in the QuillAudits Web3 Bug Bounty Platform is immensely appreciated. Your efforts and contributions are the cornerstones in moulding a more secure decentralized ecosystem. Let's join hands to create a safer, more reliable web3 environment that benefits all users worldwide!