Bug Bounty

Smart contract bug bounty program


Last updated 2 years ago

This program covers all currently deployed 1Hive-related smart contracts on the xDai network that are actively being used from the 1Hive Github organisation. Contracts that 1Hive uses that are not built by 1Hive community members may also be considered, depending on the extent to which they have been used within the 1Hive ecosystem and the consequences they could produce. This evaluation will be at the discretion of the bug bounty swarm members using the CVSS Risk Rating scale, and the funds available are held in an Aragon DAO. The members and a link to the DAO holding the funds can be seen in the Bug Bounty Swarm details.

Requirements

  • Disclosure of issues must be made directly to one of the bug bounty swarm members. DMs via Discord are fine.

  • Any evidence of disclosure to other parties will forfeit the reward.

  • Exploiting the vulnerability prior to disclosing it will forfeit the reward.

  • Disclosure should include details of how to reproduce the bug in as clear a way as possible. A more detailed report could increase the reward.

  • Reporting a bug that has already been reported will not earn a reward.

Front-end bugs will not earn a reward.

Rewards

Bounty rewards have been halved due to the drop in the Honey value and the decreased risk on our platform as a result. Details can be seen here.

The severity of an issue will be determined by a score created using the CVSS Risk Rating scale (https://www.first.org/cvss/calculator/3.0). It will likely also involve some subjective understanding of the potential impact it could make on the 1Hive ecosystem.

Risk Rating             Payment
Critical (9.0-10.0):    Up to $20,000 in HNY
High (7.0-8.9):         Up to $5,000 in HNY
Medium (4.0-6.9):       Up to $1,000 in HNY
Low (0.1-3.9):          Up to $500 in HNY

For reference, we would have scored the exploit detailed here (Story of a Bee - Why Farming was Delayed) at 9.3, originally earning it up to $40,000 in HNY. The exact amount would likely need to be discussed, but we would have proposed it be closer to the upper limit. The scoring we have chosen can be seen here: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L

It should be known that 1Hive is interested in maintaining secure infrastructure and is willing to make fair payouts for finding bugs that could affect funds and users. These requirements and rates have been discussed and agreed upon by the community here and here (1Hive Contract Bug Bounty Program Proposal and Final 1Hive Contract Bug Bounty Program Proposal), so as a bug hunter you can be assured that when it comes to claiming a reward you will receive it, provided you act as outlined above.

1Hive Github organisation
CVSS Risk Rating scale
Bug Bounty Swarm
seen here
https://www.first.org/cvss/calculator/3.0
Story of a Bee - Why Farming was Delayed
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L 3
1Hive Contract Bug Bounty Program Proposal
Final 1Hive Contract Bug Bounty Program Proposal