— accept security vulnerabilities and non-security bugs

Program Time: July 10 — Sept 30

Submissions shall be sent to:

qlc.hackathon@protonmail.com

PGP Fingerprint: 5962280664e521bd2574e5df46a64c0c403b258d

Confidant app download link and source code:

Android download Android Github

iOS download iOS Github

Start off from a Confidant trial account:

cryptosophies.com/qlc-bug-bounty/

Background

As a public chain aiming to create a secure and trusted environment for telecom services, the security of private information and user data has always been at the core of QLC Chain services. As part of the commitment, Confidant, a secure and trusted communication platform now invites developers and security researchers to help protect Confidant and its users by identifying bugs and security vulnerabilities via this Bug Bounty Program.

Bug Reporting Process

When reporting bugs, there will be some information required for bugs description and reward distribution. Please send the information as listed below to qlc.hackathon@protonmail.com. A submission portal is in process and will be available on QLC Chain website soon.

Your name

Your nep-5 wallet public address for receiving rewards.

Your email address for contacting us

Specific type of bug

Detailed steps needed to reproduce the issue

If it is a vulnerability issue, have a description of the risk and possible exploits

How is this issue different from what is expected

If you wish to stay anonymous, either contact us with a throw away email address or let us know that you do not want to be named.

Rules and rewards

Confidant Bug Bounty Program welcomes both security vulnerability and general bug reports. All the reported issues will be evaluated based on their severity and security impact on the product and its users.

Rewards shall be distributed in either BTC or QLC.

Security Vulnerabilities Classifications and Rewards

Your bug reports will be rated based on the severity and its impact on Confidant performance and its user experience.

Non-security Classifications and Rewards

QLC Chain developer community always aims to tap into the potential of the community to contribute to a more stable, secured and prosperous QLC Chain ecosystem. As such QLC Chain may award a lucrative reward bonus for exceptional bug finders. The decision will be made at QLC Chain team’s discretion .

Awarding Process

QLC Chain team will evaluate all valid bug submissions that are accepted and then reach out to inform the submitter. Reward distribution will be completed once o a acceptance of the bugs.

In scope

Confidant Station and Confidant app for Android and iOS.

Confidant app download link and source code:

Android download Android Github

iOS download iOS Github

Confidant trial account for developers and security researchers — please access here:

cryptosophies.com/qlc-bug-bounty/

Terms and Conditions

While participating Bug Bounty Program, you must refrain from

Attacks against Confidant infrastructure

Social engineering and physical attacks

Distributed Denial of Service attacks that require large volumes of data

Provisioning and/or usability issues

Violations of licenses or other restrictions applicable to any vendor’s product

Security bugs in third-party products or websites that are not under QLC Chain team’s direct control

Vulnerabilities that are a result of malware

Theoretical security issues with no realistic exploit scenario(s) or attack surfaces, or issues that would require complex end user interactions to be exploited, may be excluded

Issues determined to be low impact may be excluded

In addition, the submitter must NOT be the author of the code with the vulnerability

Vulnerabilities that are disclosed to any party other than QLC Chain Team, including vulnerability brokers, will not qualify for Bug Bounty reward. This includes both full public disclosure and limited private release.