Code contributions & bug bounty

Interested in helping us build the substrate of Collective Neuro Symbolic AI?

As part of the DKG V8 rollout we encourage bounty hunters and open source contributors to improve and secure the DKG implementation with a pool of rewards of 50.000 TRAC tokens (more info here).

Code contributions

We encourage code contributions to the following repositories.

  • ot-node

  • dkg-evm-module

  • dkg.js

  • dkg.py

Please check the contribution guidelines in each repo.

Once a contribution is made, you can tag the development team in your Pull Request for an assessment of your contribution. If you'd like to check whether your contribution will qualify for a reward, contact us on Discord.

V8 Bug bounty

With the intention to ensure the security and proper functioning of the DKG V8, a d. Each submission will be evaluated based on its severity and will correspond to a specific bounty reward.

Vulnerability Categories and Rewards:

  • Minor Bug: 50 TRAC

  • Medium Bug: 200 TRAC

  • Critical Bug: 5000 TRAC

Bug Bounty Rules:

  1. Severity Assessment: The severity of each bug will be determined solely at the discretion of Trace Labs, based on both the likelihood and impact of the bug. All reward decisions are final.

  2. Submission Process: Please send your bug reports to bounty@origin-trail.com, with the subject "WEBSITE/APP BUG BOUNTY." We will evaluate the severity of the bug upon receipt and contact you with further information. Submissions through other channels (e.g., social media) will not be accepted.

Security Vulnerabilities:

  • SQL injection.

  • Cross-site scripting (XSS).

  • Cross-site request forgery (CSRF).

  • Remote code execution (RCE).

  • Insecure configurations in web servers, databases, and application frameworks.

  • Session hijacking and clickjacking.

  • Sensitive data exposure.

  • Unauthorized access to user accounts.

  • Bypassing authentication mechanisms.

  • Credentials exposure.

  • Logic bypasses.

Example Submission Template:

**Title:** [Short description of the vulnerability]

**Description:**
[A detailed description of the vulnerability, including what it is and how it can be exploited]

**Steps to Reproduce:**
1. [First step]
2. [Second step]
3. [Further steps as necessary]

**Proof of Concept:**
[Include any screenshots, videos, or code snippets]

**Impact:**
[Explain the potential impact of the vulnerability]

**Suggested Fix:**
[Provide recommendations for how to fix the issue]

**Additional Information:**
[Any other information that might be relevant]

Important restrictions

Please ensure that while testing you do not harm any live contracts on public networks; otherwise you will not be eligible for the bug bounty.

Leaking any vulnerability of the smart contracts on any social media platform or public channel will lead to cancellation of the bounty and might also invite legal action.

We cannot issue rewards to individuals on sanctions lists, or who are in countries on sanctions lists. You are responsible for any tax implications depending on your country of residency and citizenship. There may be additional restrictions depending upon your local law.

This is a discretionary rewards program. We can cancel the program at any time, and the decision to pay a reward is entirely at Trace Labs' discretion.

Your testing must not violate any law, or disrupt or compromise any data that is not your own.

To avoid potential conflicts of interest, we will not grant rewards to Trace Labs employees, employees who have left Trace Labs within the last 2 years, or contractors.
