Bug Bounty Program
First place will receive $3000, second place - $2000 and third place - $1000, and additional remuneration to participants.
The competition and voting have completed. Winners were determined by the citizens of Lykke City.
Days of the project
Jun 8 - Oct 30, 2018 (143 days)
Jun 8 - Aug 31, 2018
Aug 31 - Oct 30, 2018
If you’re familiar with the cryptocurrency world, you probably know what a bounty program is, but even if you aren’t, it’s easy to explain. It’s a way for independent coders to earn rewards by catching vulnerabilities and reporting bugs.
Why do we do it?
We want to make Lykke the most reliable platform. We want to demonstrate that Lykke Wallet is completely safe and secure! That’s why we ask bug bounty hunters to help us.
Defect severity classification
- Critical: The defect affects critical functionality or critical data. It does not have a workaround.
- High: The defect affects major functionality or major data. It has a workaround, but it is not obvious, and it is difficult.
- Medium: The defect affects minor functionality or non-critical data. It has an easy workaround.
- Low: The defect does not affect functionality or data. It does not even need a workaround. It does not impact productivity or efficiency. It is merely an inconvenience.
How we classify bugs you can see detailed inside "Terms & Conditions"
Severity point values
- E1 = Critical = 1000 points
- E2 = High = 500
- E3 = Medium = 250
- E4 = Low = 50
- R1 = Recommendations, ideas = 50
- S1 = The most promoted posts from one participant by quantity of retweets, likes, shares, views, and comments = 200
- S2 = Every announcement of this contest in any social network ( Facebook, Twitter, and YouTube etc.) = 1 Like = 1 point, 1 Share = 5 point
Rules of participation for E1-E4
- It’s better to record the screen with this error or reproduce the sequence of actions.
- In code problems, show us the problematic location with your comments in any form.
- Describe what resources and opportunities are required to find and exploit this vulnerability.
- How much personally identifiable information could be disclosed?
- After the risks to the application have been classified there, make a prioritized list of what to fix.
- At the end of the campaign, send us your results in one document with all reports, tables, screenshots, and links.
Rules of participation for S1 and S2
- Create an announcement about this project in the required format.
- Publish your post on your personal social media accounts, cryptocurrency-oriented interest groups, and so on.
- Tag your post with Lykke’s social media accounts (facebook.com/LykkeCity, Linkedin.com/company/lykke/ or twitter.com/Lykke), and include a link to the project on Streams.
- Get people to like and share the post from your personal profile.
- Only the likes and shares of the post made on your personal profile in different social media will eventually be summed up to qualify for the contest.
- Use only organic traffic. Fake profiles and paid reach will be disqualified.
- At the end of the campaign, send us your results in one document with screenshots and a link to your post.
- All scores from social media (S1 and S2) can’t be more than 20% of the total score.
- Points scored only for social media do not participate in the competition.
Post for sharing
Picture for the post: https://goo.gl/kEAzPu
I'm taking part in the testing contest from (choose between facebook.com/LykkeCity, Linkedin.com/company/lykke/ or twitter.com/Lykke)! We’re looking for critical errors in the blockchain code. You can hack it too!
Help me to share this post as much as you can! I need your retweets and likes to get extra points. Thank you!
All backend components are hidden behind a facade: the Wallet API.
All components are hosted inside a Kubernetes cluster or as dockers inside dedicated virtual machines.
Registration (until 31 July): After registration, you can start collecting points.
Scoring (until 31 July): Send us your documentation with all links and screenshots.
Judging (1 August - 30 October): We will verify the scores and announce the winners!
If you have any questions, please feel free to ask them in the comments to the contest or to the [email protected].
A few disclaimers
- There is no guarantee of winning a prize.
- The prizes are only awarded to entries that the Lykke judges find worthwhile.
- Prizes are awarded in fiat currency.
- You must be at least 18 years of age.
- You must not submit twice — your first submission is the one that counts.
- You will be responsible for declaring your own income to your local tax authorities.
- All submissions will be disclosed to the public.
- The prizes are given at the organizer’s sole discretion.
- The decisions of the judges will be final — there is no appeals process if your project does not win a prize.
- No other compensation will be given at this stage.
* KYC or "Know Your Customer" policies are critically important internationally. Lykke is required to gather certain information about our partners in order to prevent identity theft, money laundering, financial fraud, and terrorist activity. Please be aware that any rewards arising from your participation in the Lykke Bounty Program will require you to provide us with the following KYC documents: A copy of your valid photo ID with the signature page; and a copy of a recent utility bill in your name, including your address. What are requirements for KYC?
|June 30, 2018 01:03|
|June 25, 2018 06:45|
|July 11, 2018 08:19|
|June 08, 2018 11:07|
|June 29, 2018 07:50|
|June 26, 2018 07:13|
|July 05, 2018 11:52|
|June 08, 2018 02:44|
|August 05, 2018 12:52|
|August 24, 2018 12:33|
|August 25, 2018 06:13|
|June 10, 2018 09:12|
|August 14, 2018 07:19|
|June 26, 2018 12:09|
|July 08, 2018 11:23|
|August 08, 2018 02:16|
|July 07, 2018 10:33|
|August 07, 2018 09:07|
|Username||reg. and Subm. Date||Result||Vote|
|July 07, 2018 10:44||View||3|
|June 25, 2018 01:33||View||5|
|June 08, 2018 03:00||View||1|
|August 05, 2018 04:30||View||5|
|August 25, 2018 08:16||View||1|
|August 24, 2018 08:59||View||2|