1. Introduction:
Welcome to the QuillAudits Red Teaming Bug Bounty Program! Our mission is to ensure the security and robustness of our web3 projects. This policy outlines the rules and guidelines for ethical participation, vulnerability submissions, and responsible disclosure. Your contributions play a vital role in creating a secure decentralized ecosystem.
2. Bug Bounty Guidelines:
As part of the Quill Red Team community, you are expected to:
- Register as an independent researcher or join our Quill Red Team to participate in the Bug Bounty Program.
- Submit your vulnerability reports using our designated submission form on the QRT Project website or through our official Telegram channel.
- Prioritize user data privacy, refrain from disrupting production systems, and avoid data manipulation.
- Exercise responsible exploitation: exploit a vulnerability only to the extent necessary to confirm it, without causing harm.
- Respect disclosure timelines; refrain from public disclosure until the vulnerability has been addressed.
3. Vulnerability Submission:
To submit a vulnerability report:
- Utilize the official submission form available on our website or contact us via Telegram for confidential reports.
- Submit your report before the Bug Bounty Program's deadline.
- Include comprehensive details about the discovered vulnerability, its potential impact, and steps to reproduce it.
- If possible, provide proof of concept scripts or screenshots to support your findings.
4. Unauthorized Test Methods:
The following testing methods are not authorized within the QuillAudits Bug Bounty Program:
- Exploiting on mainnet or using real funds.
- Conducting Denial of Service (DoS or DDoS) attacks or any actions that disrupt the system's functionality.
- Physical testing, social engineering, or any non-technical vulnerability assessments.
5. Responsible Disclosure and Forfeiture:
Responsible disclosure is essential for our Bug Bounty Program. Publicly disclosing vulnerabilities before the program's conclusion will result in disqualification from rewards and future participation.
6. Questions and Feedback:
For any inquiries or feedback, please use the dedicated channel on our Discord server. We value your input and continuously strive to enhance our program.
7. Authorization and Legal Protection:
If you adhere to this policy, QuillAudits acknowledges your security research as authorized:
- We commit not to pursue legal action against you for conducting good-faith research within our program.
- In case of any legal action initiated by a third party, we will support you and clarify that your research was authorized under our Bug Bounty Program.
Thank you for joining the QuillAudits Bug Bounty Program. Your dedication to securing our web3 projects makes a significant impact. Together, we build a safer and more resilient web3 ecosystem for all users.