The WINGS Bug Bounty Program

Help and earn rewards up to 5000 WINGS

Calling all security specialists

We are about to finally launch the mainnet version of WINGS and need your peering eyes combing through the code and finding anything that us and our auditing partners might have missed.

The bounty reward is up to 1000 WINGS for issues requiring beta re-deploy, and up to 5000 WINGS for critical issues, all payable in WINGS tokens.

500 WINGS: For any severe bugs that don’t require contracts redeploy

1,000 WINGS: Any bugs leading to stopping using the current contracts and having to redeploy the new version to the testnet

2,500 WINGS reward for bugs allowing any first party to break into their own funds

Example: WINGS tokens owner can transfer the forecast tokens despite them being locked

Example: WINGS tokens owner can transfer the forecast tokens despite them being locked 5,000 WINGS reward for bugs allowing any 3rd party to access funds

Example: Anyone can transfer the WINGS tokens in the contract

We follow the bounty rules established by Ethereum Foundation: https://bounty.ethereum.org, such as first come, first serve; any reports submitted by others or already known to the team will not be rewarded.

Testnet site

The testnet is accessible on the following address:

https://testnet.wings.ai

Bounty scope

Actual financial losses issues:

Impossibility of closing a forecast and getting the locked Wings back

Impossibility of getting deposited Wings during project creation back

Incorrect calculations of the Ethereum transaction fees

Calculations issues:

Incorrect calculation and distribution of rewards

Wrong distribution of project deposit fee (in case of project rejection or cancellation)

Wrong calculation of FR

Flow issues:

Deadlock of project

Security issues:

Vulnerabilities (for example: XSS attack)

Other issues

Back-end/front-end related issues:

Incorrect responses from the API

Any other issue that might prevent the correct platform use

Note that some actions could ask for a different gas parameters, so before reporting an issue, test it with a different gas limit

Out of scope:

Browsers bugs

Any UX issues on the platform

Text and grammar

Submission deadline

The bug bounty ends on 11/3/2018.

Responsible Disclosure

We ask you to follow a responsible disclosure:

Provide reasonable time to resolve any issues you report before making them public or sharing with anyone else

Avoid violations and disruptions to anyone with the knowledge you gained

Not exploit the security issue, including for demonstration purposes

Contact

Please send your findings to: bounty@wings.ai, feel free to make the submissions anonymous.

Make sure to include your ETH address for receiving your reward.