Bug Bounty Program

PreviousRWA Exchange Trading Competition (Testnet)

Last updated 6 months ago

Was this helpful?

Bug Bounty Program

At RWA Inc., we prioritize the security and privacy of our customers above everything else. In our ongoing commitment to maintain robust security standards, we have launched the RWA Inc. Bug Bounty Program!

This initiative invites security researchers and ethical hackers worldwide to help us identify vulnerabilities in our systems and applications.

Program Overview

The Bug Bounty Program is designed to encourage responsible disclosure of security issues. By participating, researchers can earn monetary rewards in the form of $RWA tokens and recognition for their contributions to enhancing our security posture.

Scope

We are interested in vulnerabilities that could compromise the integrity, confidentiality, or availability of our systems. Moreover, we are interested in optimizing cosmetics, and reward also reports that involve general optimization etc. Lastly, we reward selected innovative ideas and improvement suggestions across our platforms.

The following assets are in scope:

RWA Launchpad on test net - plus any publicly accessible web application owned by RWA Inc.
Infrastructure: Public-facing servers and network infrastructure.

Out of Scope:

Third-party services and applications not owned by RWA Inc.
Denial of Service (DoS) attacks.
Physical security tests.
Social engineering of our employees or customers.
Vulnerabilities requiring physical access to hardware.

Rewards

Rewards are based on the severity of the vulnerability, assessed using the Common Vulnerability Scoring System (CVSS). The reward ranges are as follows:

Critical severity: Up to $10,000 in $RWAs
High severity: Up to $5,000 in $RWAs
Medium severity: Up to $1,000 in $RWAs
Low severity: Up to $250 in $RWAs

To execute $RWA token reward payouts, please provide the valid ETH wallet address in the form submission.

Note: The final reward amount is at the discretion of RWA Inc. and depends on the quality of the report and the impact of the vulnerability.

Submission Guidelines

To ensure a smooth review process, please adhere to the following guidelines:

Detailed reports: Provide a clear and detailed report including steps to reproduce the vulnerability, potential impact, and suggested remediation.
Proof of concept: Include screenshots, videos, or code snippets that demonstrate the issue.
Legal compliance: Do not engage in testing that violates any laws or regulations.

Responsible Disclosure Policy

We ask that you:

Act in good faith: Avoid privacy violations, data destruction, and interruption of our services.
Confidentiality: Do not disclose the vulnerability to the public or any third party before it has been resolved.
No exploitation: Do not exploit the vulnerability beyond what is necessary to demonstrate it.

Eligibility

Open to individuals aged 18 or older.

Researchers must not reside in a country under any U.S. sanctions.

Response and Resolution

The RWA INC team is committed to prompt communication:

Acknowledgment: We will acknowledge receipt of your report within 3 business days.
Assessment: We aim to provide a preliminary assessment within 10 business days.
Resolution: Efforts will be made to resolve valid vulnerabilities in a timely manner.

PreviousRWA Exchange Trading Competition (Testnet)

Last updated 6 months ago

Was this helpful?

This initiative invites security researchers and ethical hackers worldwide to help us identify vulnerabilities in our systems and applications.

Program Overview

Scope

The following assets are in scope:

RWA Launchpad on test net - plus any publicly accessible web application owned by RWA Inc.
Infrastructure: Public-facing servers and network infrastructure.

Out of Scope:

Third-party services and applications not owned by RWA Inc.
Denial of Service (DoS) attacks.
Physical security tests.
Social engineering of our employees or customers.
Vulnerabilities requiring physical access to hardware.

Rewards

Rewards are based on the severity of the vulnerability, assessed using the Common Vulnerability Scoring System (CVSS). The reward ranges are as follows:

Critical severity: Up to $10,000 in $RWAs
High severity: Up to $5,000 in $RWAs
Medium severity: Up to $1,000 in $RWAs
Low severity: Up to $250 in $RWAs

To execute $RWA token reward payouts, please provide the valid ETH wallet address in the form submission.

Note: The final reward amount is at the discretion of RWA Inc. and depends on the quality of the report and the impact of the vulnerability.

Submission Guidelines

Bug Report submission →

To ensure a smooth review process, please adhere to the following guidelines:

Detailed reports: Provide a clear and detailed report including steps to reproduce the vulnerability, potential impact, and suggested remediation.
Proof of concept: Include screenshots, videos, or code snippets that demonstrate the issue.
Legal compliance: Do not engage in testing that violates any laws or regulations.

Responsible Disclosure Policy

We ask that you:

Act in good faith: Avoid privacy violations, data destruction, and interruption of our services.
Confidentiality: Do not disclose the vulnerability to the public or any third party before it has been resolved.
No exploitation: Do not exploit the vulnerability beyond what is necessary to demonstrate it.

Eligibility

Open to individuals aged 18 or older.

Researchers must not reside in a country under any U.S. sanctions.

Response and Resolution

The RWA INC team is committed to prompt communication:

Acknowledgment: We will acknowledge receipt of your report within 3 business days.
Assessment: We aim to provide a preliminary assessment within 10 business days.
Resolution: Efforts will be made to resolve valid vulnerabilities in a timely manner.