OriginTrail
  • Get started with OriginTrail
  • Key Concepts
    • Decentralized Knowledge Graph (DKG)
    • DKG key concepts
  • Build with DKG
    • Quickstart (test drive the DKG in 5 mins)
    • ChatDKG builder toolkit
      • DKG SDK
        • Development environment setup
        • DKG Javascript SDK (dkg.js)
          • Interact with DKG paranets
          • Knowledge submission & curation
          • Paranet's incentives pool implementation
        • DKG Python SDK (dkg.py)
      • DKG paranets
        • Deploying a DKG paranet
        • Building with DKG paranets
        • Syncing a DKG Paranet
        • Initial Paranet Offerings (IPOs)
          • IPO specification
          • Launching your IPO
          • Paranet's incentives pool
          • IPO voting
      • AI agents
        • ElizaOS DKG agent
        • Custom DKG Python agent
        • Custom DKG JavaScript agent
    • DKG Edge Node
      • DKG Edge Node architecture
      • Get started with the Edge Node boilerplate
        • Automated setup with the installer
        • Manual setup
        • Usage example
      • Customize & build with the Edge Node
      • Knowledge Mining and dRAG examples
      • DKG Edge Node inception program
      • DKG Edge Node API documentation
    • DKG Core Node
      • Run a V8 Core Node on testnet
        • Preparation for V8 DKG Core Node deployment
        • V8 DKG Core Node installation
      • Run a V8 Core Node on mainnet
        • Preparation for V8 DKG Core Node deployment
        • V8 DKG Core Node installation
  • Delegated staking
    • Delegated staking—Introduction
      • Step-by-step staking
      • Redelegating stake
  • Integrated Blockchains
    • Base blockchain
      • Connect to Base
    • Gnosis chain
      • Connect to Gnosis
    • NeuroWeb
    • Teleport instructions - NeuroWeb
    • Bridging to Moonbeam
    • Deployed smart contracts
  • Bounties & rewards
    • General bug bounty
    • Code contributions & V8 bug bounty
  • Whitepapers & RFCs
    • OriginTrail whitepaper
    • OriginTrail RFCs
  • Useful Resources
    • What's new with OriginTrail V8
    • DKG V8 guidebook
      • Protocol updates
      • Feature roadmap
      • How to upgrade to V8?
    • Public nodes
    • Tutorials
    • Test token faucet
    • Development principles
    • Community created resources
    • Linked data & knowledge graphs
    • Available networks, network details and RPCs
    • OT Node Engine implementation details
      • Modules
      • Command Executor
    • Contribution guidelines
      • Guidelines for automated test contributions
    • Explore the OriginTrail ecosystem
Powered by GitBook
On this page
  • Vulnerability categories and rewards
  • Bug bounty rules
  • Security vulnerabilities
  • Example submission template
  • Important restrictions
  • Legal notice

Was this helpful?

Edit on GitHub
  1. Bounties & rewards

General bug bounty

PreviousDeployed smart contractsNextCode contributions & V8 bug bounty

Last updated 3 months ago

Was this helpful?

To ensure the security and proper functioning of our websites and applications, Trace Labs has launched a dedicated bounty program. Each submission will be evaluated based on its severity and will correspond to a specific bounty reward.

Vulnerability categories and rewards

  • Minor bug: 50 TRAC

  • Medium bug: 250 TRAC

  • Serious bug: 500 TRAC

  • Critical bug: 1000 TRAC

Bug bounty rules

  1. Severity assessment: The severity of each bug will be determined solely at the discretion of Trace Labs, based on both the likelihood and impact of the bug. All reward decisions are final.

  2. Submission process: Please send your bug reports to with the subject "WEBSITE/APP BUG BOUNTY." Upon receipt, we will evaluate the severity of the bug and contact you with further information. Submissions through other channels (e.g., social media) will not be accepted.

Security vulnerabilities

  • SQL injection.

  • Cross-site scripting (XSS).

  • Cross-site request forgery (CSRF).

  • Remote code execution (RCE).

  • Insecure configurations in web servers, databases, and application frameworks.

  • Session hijacking and clickjacking.

  • Sensitive data exposure.

  • Unauthorized access to user accounts.

  • Bypassing authentication mechanisms.

  • Credentials exposure.

  • Logic bypasses.

Example submission template

**Title:** [Short description of the vulnerability]

**Description:**
[A detailed description of the vulnerability, including what it is and how it can be exploited]

**Steps to Reproduce:**
1. [First step]
2. [Second step]
3. [Further steps as necessary]

**Proof of Concept:**
[Include any screenshots, videos, or code snippets]

**Impact:**
[Explain the potential impact of the vulnerability]

**Suggested Fix:**
[Provide recommendations for how to fix the issue]

**Additional Information:**
[Any other information that might be relevant]

Important restrictions

Please ensure you do not harm any live contracts on public networks while testing; otherwise, you will not be eligible for a bug bounty.

Leaking any vulnerability of the smart contracts on social media platforms or public channels will result in the cancellation of the bounty and might also invite legal action.

Legal notice

We cannot issue rewards to individuals on sanctions lists or who reside in countries on sanctions lists. Depending on your country of residency and citizenship, you are responsible for any tax implications. Your local law may also impose additional restrictions.

This is a discretionary rewards program. We can cancel the program at any time, and the decision to pay a reward is entirely at Trace Labs' discretion.

Your testing must not violate any law or disrupt or compromise any data that is not your own.

To avoid potential conflicts of interest, we will not grant rewards to Trace Labs employees, employees who have left Trace Labs within the last 2 years, and contractors.

bounty@origin-trail.com