NEO launched its official site for Vulnerability Bounty Program for the purpose of keeping the security, according to its blog.
The purpose of NEO vulnerability bounty program is to be proactive about blockchain security by providing a channel for security researchers to report potential security vulnerabilities identified related to our underlying infrastructure.
Level of vulnerabilities will undergo evaluation by NEO R&D team based on severity, influence and other dimensions.
- Only issues related to stability and security with design and implementation is within the scope, vulnerabilities with NEO website and related infrastructure on the NEO blockchain is out of the scope. Find more details at the Scope of Bug Bounty Program.
- Submitted reports should contain detailed reproduction procedures, in the absence of which, the reports will be excluded from the rewarding list. The more detailed about the proof of vulnerabilities and the descriptions are, the higher your reward will be.
- For those who report the same vulnerability, the reward goes to whom comes first.
- Serial vulnerabilities caused by one vulnerability will be considered as one vulnerability, e.g., a series of computing errors caused by data overflow.
Vulnerabilities fitting in any of the following descriptions will not be eligible for the rewards:
- Those published or known ones are not eligible for rewards.
- If you unveil such vulnerabilities before NEO fixes or publish them, the reward becomes null and void.
- Participants who use submitted vulnerabilities to damage NEO ecosystem, infringe on users’ interest and perform pilferage on users’ assets will be disqualified for rewards; meanwhile, NEO is rightful to resort to justice.
Scope of Vulnerability Bounty Program :
Security vulnerabilities of the following projects must be addressed in the report to be eligible for the rewards: