The Energy Web Bug Bounty Program exists to incentivize and reward members of the community who identify and help resolve security vulnerabilities in the EW Chain, Utility Layer, EW-DOS toolkits, and auxiliary EW-related tools and infrastructure.

Active Bounty Challenge

The challenge:
Hack our staking contract (IF YOU CAN!). Take out ALL the Volta Tokens from the staking contract. Demonstrate how!
prize
1000 EWT
Apply for the challenge
The scope of the program includes all public EW GitHub repositories and hosted applications (Switchboard, EWC Bridge, Key Manager).
The primary areas of interest are:
Access/Identity vulnerabilities
Logical Errors
Exploitation - XSS, CSRF, SQL injection, SSL misconfigurations etc.
Smart Contract Errors
Cryptography Errors
The following are out of scope:
DNS, configuration, and hosting of the energyweb.org website
Any known vulnerabilities reported on third-party sites (e.g., Hackerone)
Any previously-reported vulnerabilities (those listed on this webpage)
Any vulnerability found using common open-source scanner tools (e.g., https://github.com/sullo/nikto or https://github.com/maurosoria/dirsearch)

Individuals or organizations who report and/or resolve bugs are eligible for rewards (EWT and public recognition) as follows:

Bugs are categorized at the sole discretion of the Energy Web Technical Committee using a risk assessment matrix based on impact and likelihood. The reward for a given bug is proportional to its severity; rewards are also higher for reporting a bug along with a recommended resolution than for reporting a bug alone.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram