AuditOne Docs
  • 🚀About AuditOne
  • Why AuditOne
  • Our Vision
  • What makes us different?
  • Free Tools
    • Price Calculator
    • Security Checklist
    • EU Compliance Checker
  • Services
    • CoinIntel Report
    • How to Bridge AUDIT Tokens Between the IOTA and BASE Networks
    • Lock AUDIT Token
    • AI Systems Audit
    • Trust Layer for Platforms
      • Security Audit
      • 360-Degree Audit
      • Penetration Testing
      • KYC
    • Bug Bounty
  • $AUDIT Tokenomics
  • SafuraDAO (Coverage)
  • 🧑‍🚀STAKEHOLDERS
    • For Projects
      • Preparation & Pricing
      • Before The Audit
      • Requesting An Updated Audit
    • For Auditors
      • Auditor Levels and Rewards
      • Audit Process
      • Audit Contest Process
      • Auditor Pooling
      • GitHub Tracking
      • Compensation
      • Severity Classification
    • Community
    • Ambassadors program
      • Write an Article -1000 $AUDIT
      • Create Instagram Reels | YouTube Shorts | TitTok - 200 $AUDIT/video
      • Create Twitter | Instagram | Facebook | Threads | Reddit Post - 200 $AUDIT/Post
      • Create Youtube Horizontal Video - 200 $AUDIT/Video
  • 👨‍💻Platform
    • The all-in-one audit platform
    • Academy
    • Tools
    • Auditors
      • Join & work at AuditOne
      • Validate AI Findings
    • Bug Bounty
      • General rules and regulations
      • Bug Bounty Q&A
      • Code of Conduct
      • FAQ Hackers
  • 🪙$AUDIT TOKEN FAQ
    • Token Fairlaunch FAQ
    • Airdrops
    • Pool
    • Buy/Sell/Trade
    • Price
    • Benefits/How To Use
    • Tech/Issues
    • $AUDIT Awards
      • 🗓️Daily Quests
      • 👻Meme Contests
      • 🏆April 2024 Quiz Winners
      • 🏆May 2024 Quiz Winners
      • 🏆June 2024 Quiz Winners
      • 🏆July 2024 Quiz Winners
      • 🏆September 2024 Quiz Winners
      • 🏆October 2024 Quiz Winners
      • 🏆November 2024 Quiz Winners
      • 🏆December 2024 Quiz Winners
      • 🏆January 2025 Quiz Winners
  • 🔗Links
    • Links and Social
Powered by GitBook
On this page
  1. Platform
  2. Bug Bounty

General rules and regulations

for hackers

General rules:

  • The program may be canceled at any time, and awards are at the sole discretion of the bug bounty panel.

  • Participants must not be on any sanctions lists or reside in countries on sanctions lists (e.g., North Korea, Iran, etc.).

  • Proof of identity is required due to local laws.

  • Participants are responsible for any applicable taxes.

  • All awards are subject to applicable law.

  • Participants must adhere to the reporting guidelines provided.

Eligibility for Rewards:

  • Issues without a Proof of Concept (POC) are not eligible for bounty rewards.

  • Duplicate reports of the same vulnerability are not eligible for additional rewards.

  • Publicly disclosing a vulnerability before it's resolved makes it ineligible for a bounty.

  • The vulnerability report should not be related to activities that violate the service's terms of service or any laws.

Vulnerability Submission:

  • One report per vulnerability

  • The first report for a specific vulnerability is accepted.

  • Reports for vulnerabilities already known are not accepted.

  • Reports submitted for vulnerabilities explicitly listed as out of scope are not accepted.

  • If a chain security vulnerability is detected using multiple security vulnerabilities, separate reporting is allowed.

  • Higher rewards are paid for clear, well-written submissions.

  • A Proof of Concept (POC) must be included to be eligible for rewards. Please include test code, scripts, and detailed instructions. The easier we can reproduce and verify the vulnerability, the higher the reward.

  • Include a clear description of how to fix the issue.

  • Vulnerability reports should be submitted through the designated channels.

Testing Guidelines:

  • Testing must not violate any law or compromise any data that the participant does not own.

  • Participants should not access or modify other users' data during testing and should only use accounts under their control.

  • Vulnerabilities allowing access to user data should be reported responsibly, without unauthorized access.

  • Testing should be limited to verifying the presence and impact of the vulnerability.

Prohibited Actions:

  • Social engineering methods (e.g., phishing, vishing, smishing) and physical attacks (e.g., computer theft, SIM card copying) are strictly prohibited.

  • Denial of Service (DoS) attacks must not be attempted.

  • Any actions that could compromise the integrity or availability of our system

Submission Requirements:

  • Reports must be submitted in English.

  • All details about the vulnerability must be shared, and a Proof of Concept (PoC) must be provided.

  • If multiple vulnerabilities are discovered, researchers should submit separate reports for each distinct issue.

PreviousBug BountyNextBug Bounty Q&A

Last updated 11 months ago

👨‍💻