The Energy Web Bug Bounty Program exists to incentivize and reward members of the community who identify and help resolve security vulnerabilities in the EW Chain, Utility Layer, EW-DOS toolkits, and auxiliary EW-related tools and infrastructure.
The scope of the program includes all public EW GitHub repositories and hosted applications (Switchboard, EWC Bridge, Key Manager).
The primary areas of interest are:
Access/Identity vulnerabilities
Logical Errors
Exploitation - XSS, CSRF, SQL injection, SSL misconfigurations etc.
Smart Contract Errors
Cryptography Errors
The following are out of scope:
DNS, configuration, and hosting of the energyweb.org website
Any known vulnerabilities reported on third-party sites (e.g., Hackerone)
Any previously-reported vulnerabilities (those listed on this webpage)
Any vulnerability found using common open-source scanner tools (e.g., https://github.com/sullo/nikto or https://github.com/maurosoria/dirsearch)

Individuals or organizations who report and/or resolve bugs are eligible for rewards (EWT and public recognition) as follows:

Bugs are categorized at the sole discretion of the Energy Web Technical Committee using a risk assessment matrix based on impact and likelihood. The reward for a given bug is proportional to its severity; rewards are also higher for reporting a bug along with a recommended resolution than for reporting a bug alone.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram