Bug Bounty Q&A
The following questions will help you understand our service offering. If you cannot find an answer to your question, please contact us at hello@auditone.io.
Last updated
AuditOne is a decentralized community of 400+ white hat hackers/auditors who are offered a bounty for identified bugs/vulnerabilities.
- Stealing or loss of funds
- Unauthorized transaction
- Transaction manipulation
- Price manipulation
- Fee payment bypass
- Balance manipulation
- Contract execution flows
- Consensus flaws
- Peer-to-peer network flaws
- Cryptographic flaws
We usually advise that a critical bug bounty should be up to 10% of the TVL (as the entire TVL could be stolen or controlled in this case).
Low issues could be just a few thousand, while medium issues could be in the range of 5-20k.
Only a 5% fee on payout (paid by the auditor out of the bug bounty reward). No other fees.
We screen them initially. If they are not spam, alerts will be sent to the assigned devs on your side. We can also assess and triage them, but this would be charged on a monthly basis (pricing TBD).
We exchange personal contact details with lead devs. Furthermore, we have real-time alert systems in place for email and Telegram (TG) contact.
We have a proper user management system in our app, and we can share reports only within trusted systems.
Initially this is just on paper, and you will pay them directly.
In terms of arbitration, there will be a committee of 5 members, 2 from AuditOne, 2 from your team, and 1 from Kleros.io.
They agree to the T&C on our platform.
The most attractive way to offer bounties is by using stablecoins. It is also fine to use tokens according to pre-defined USD values.
We are developing coverage and escrow pools that can or will be used at a later stage. For now this is not required.
We do KYC with the auditors / bounty hunters. How the payment process is handled can be customized to your needs.
More than 380 auditors (300+ proficient in Solidity, 50+ proficient in Rust, and many pen-testers or people from traditional security backgrounds).
We are in discussions with a few others, but it takes some time to agree on terms. Our bug bounty feature was only recently developed, and legal contracts have been drafted. This is your chance to be one of the first bounties, and therefore standing out will be much easier.