Developers

You must not be an employee, a contractor, or have any business relationship with the Sperax Foundation or any of its subsidiaries (including former employees, former contractors, and those with previous business relationships).

The bounty rewards are subject to standard KYC requirements and vetting in order to be eligible.

The security bug must be found under the “Sperax” GitHub page, not the code of a third party.

Public disclosure of a vulnerability makes it ineligible for the bounty and will be held accountable.

The security bug must be original

You must not have written the buggy code or otherwise been involved in contributing any buggy code to the Sperax project.

The entire event and all terms related to an award are at the sole and final discretion of the Sperax team.

The equivalent of xxx USD in SPA tokens (according to the value of public token sale) to each bug.

The first team / individual whose pull request is added to the sperax code base gets the reward.

The severity of bugs is not graded.

If you discover a vulnerability, please submit a pull request on github and send a report of the vulnerability to bounty@sperax.io. Please include your name, email address, company name (if applicable), a description of the vulnerability, what potential impact the vulnerability has on Sperax, and a description of the steps you took to identify the vulnerability.

The bounty will be transferred to your ERC20 account within two weeks.

We will review the report and get back to you within one week.