Go Behind the Chain with Sperax and our friends on Nov. 13. 2020 Go Behind the Chain with Sperax and our friends on Nov. 13. 2020
Bug Bounty and Grants

We invite all blockchain enthusiasts to find security vulnerabilities and help us keep our protocol safe. Contact frida@sperax.io if you spot anything at any time.

Find a bug and get rewards! Also, stay tuned for upcoming grants.


Rules
You must not be an employee, a contractor, or have any business relationship with the Sperax Foundation or any of its subsidiaries (including former employees, former contractors, and those with previous business relationships).
The bounty rewards are subject to standard KYC requirements and vetting in order to be eligible.
The security bug must be found under the “Sperax” GitHub page, not the code of a third party.
Public disclosure of a vulnerability makes it ineligible for the bounty and will be held accountable.
The security bug must be original
You must not have written the buggy code or otherwise been involved in contributing any buggy code to the Sperax project.
The entire event and all terms related to an award are at the sole and final discretion of the Sperax team.
Vulnerabilities Severity Assessment Framework
Significant
Bug that could crash Sperax network
Bug that could damage Sperax economy
Bug that could deviate consensus
High
Bug/Design that could cause network congestion with low costs
Bug that could crash a Sperax node
Flawed implementation/behavior of xxx/ system scripts
Medium
Second-rate implementation of Sperax stage storage mechanism
Low
Any other crucial performance improvements for Sperax
Rewards
The equivalent of xxx USD in SPA tokens (according to the value of public token sale) to each bug.
The first team / individual whose pull request is added to the sperax code base gets the reward.
Bug Reporting and Evaluation
The severity of bugs is not graded.
If you discover a vulnerability, please submit a pull request on github and send a report of the vulnerability to bounty@sperax.io. Please include your name, email address, company name (if applicable), a description of the vulnerability, what potential impact the vulnerability has on Sperax, and a description of the steps you took to identify the vulnerability.
The bounty will be transferred to your ERC20 account within two weeks.
We will review the report and get back to you within one week.