The exchange added that it will assess rewards based on the level of security impact on reported vulnerabilities.
The terms of the project is the same as the first round of the security bug bounty program held in March: Binance can cancel or amend the bounty or bounty rules, issue BNB rewards within two weeks after the vulnerability report is verified, and reward the first vulnerability report.
Binance created four classifications for the vulnerabilities. Issues for the first classification include those that undermine the safety of any user or validator’s fund/fee, weaken trading or token economy, subvert the DEX trading logic.
P2 vulnerabilities are determined as: denial of service of any Binance Chain validator node, vulnerabilities that undermine or disrupt trading or token economy and the validator consensus result and performance, and issues that disable the accelerated node from responding to user queries on orders, transactions, balances, and market depth.
P3 issues are classified as denial of service of web wallet usage and the Binance Chain Explorer, while P4 vulnerabilities include those that affect the stability or availability of Binance Chain, DEX, and Explorer and Web Wallet.