TribeOne is committed to ensuring the security and stability of our platform. That is why, together with our first testnet launched on December 12th, we are starting a Bug Bounty program.
The program is mostly focused on identifying vulnerabilities in our smart contracts, but we will also be looking for issues with our UI and front-end. We are offering rewards for discovering and reporting eligible vulnerabilities, which will be determined based on the severity and likelihood of the issue.
Please review our guidelines and submission process before submitting any findings.
Eligibility
The report to be valid and considered for bounty rewards needs to fulfill a number of criteria listed below:
Personal Eligibility
- Be a member of TribeOne Discord and Telegram group
- Register for testnet trading competition
- Follow TribeOne on twitter
- Not affiliated with TribeOne team or TribeOne DAO
Bug eligibility
- Issue was not known to the team before
- Issue was not submitted by another user before (based on the date of submission)
- Issue does not depend on leaked information (social engineering, private key leakage)
- Issue does not depend on governance attack
- Issue does not depend on oracle manipulation and flash loan attacks
- Issue does not depend on low liquidity
Bug submission
- Bug report was submitted on TribeOne official discord in bug_bounty channel
- The report needs to include:
- Description of the issue
- Exact reproduction steps
- Reproduction video (if applicable) — link to loom, gdrive, skiff, etc.
- Proposed fix (optional but highly recommended)
Smart contract bugs
Severity
Submission topics may include but are not limited to:
Likelihood
Bounty depends on the severity and likelihood of the bug with the maximum possible:
Quality of submission
The final bounty reward will be offered at team discretion depending on:
- Clarity of description
Highest reward possible for submissions with well described issue/severity/etc - Ease of reproducibility
Highest reward possible for submissions with clear reproduction steps that can be followed (test code, scripts, step-by-step reproduction instructions, etc.) - Quality of fix provided
Highest reward possible for submissions with a clear and implementable fix
Web/UI bugs
Severity
Submission topics may include but are not limited to:
Likelihood
Bounty depends on the severity and likelihood of the bug with the maximum possible:
Quality of submission
The final bounty reward will be offered at team discretion depending on:
- Clarity of description
Highest reward possible for submissions with well described issue/severity/etc - Ease of reproducibility
Highest reward possible for submissions with clear reproduction steps that can be followed (test code, scripts, step-by-step reproduction instructions, etc.) - Quality of fix provided
Highest reward possible for submissions with a clear and implementable fix
Summary
Community has always been at the core of TribeOne’s development and gathering feedback is an essential step in the development of our protocol. By participating in this program, you will be contributing to the security and stability of our platform, and helping to ensure the integrity of our ecosystem.
We’re excited to build the best NFT perpetual swaps protocol together with you.
