The Nebulas Bug Bounty aims to improve the security of Nebulas Ecosystem, ensuring the establishment of a benign Nebulas ecosystem. The Nebulas Bug Bounty Program provides bounties for the discovered vulnerabilities. This bounty program is initiated and implemented by the Nebulas Technical Committee (NTC), joined by the Nebulas technical team and community members. NTC encourages the community to disclose security vulnerabilities via the process described below, and to play a role in building Nebulas ecosystem, thereby receiving bounties, and partake in the establishing of Nebulas ecosystem.

Bug Category

The Bug Bounty Program divides the bug bounties into 2 categories: common bug bounty, and special bug bounty. The common bugs include vulnerabilities discovered in Nebulas mainnet, Nebulas testnet, nebPay, Web wallet, neb.js and others, while the special bugs include vulnerabilities found in the inter-contract call function and others.

Eligibility

The Nebulas Technical Committee (NTC) will evaluate reward sizes according to the severity calculated by OWASP Risk Rating Method based on Impact and Likelihood. However, final rewards are determined at the sole discretion of the committee.

Impact:

High: Bugs affecting asset security.

Medium: Bugs affecting system stability.

Low: Other bugs that do not affect asset security and do not affect system stability.

Likelihood:

High: The bug can be discovered by anyone who performs an operation, regardless of whether or not the bug has been found.

Medium: Only certain people can discover it (such as a bug that only developers encounter, ordinary users are not affected.)

Low: Covers less than 1% specific population, such as certain rare Android models; or any other exceptional cases.

Amount:

To ensure the bug reporter obtains a stable expected reward, the amount in US dollars will be issued in equivalent NAS.

The reward amount is divided into 5 categories:

Critical: US$1,000 or more (No upper limit)

High: US$500 or more

Medium: US$250 or more

Low: US$100 or more

Note: US$30 or more

Note:

The Nebulas testnet special vulnerability reward (such as one for testnet inter-contract call function) has been increased accordingly, and the equivalent US dollars are issued in NAS.

Report A Bug

Please send your bug report via HERE.

Notes:

1. Please ensure the accuracy and clarity of the content, because the reward evaluation will be based on the content submitted in this form.

2. If many people discover the same bug, then their report submissions in chronological order will determine their reward. Community users are welcome to discuss the issues of bugs, but the discussion itself is not considered a report, therefore a report form must still be submitted.

Notes: