Bug Bounty Programme
This page describes the Bug Bounty Programme for the Uno Re V2 App launch.
Whitelisted users will now be able to access the dApp on the Ethereum Rinkeby Testnet and interact with it. Users can also participate in our 200,000 USD Bug Bounty Programme and report critical vulnerabilities and bugs found on the App.
Interested users can get access to our App by submitting the whitelisting form.
Testnet Eligibility Criteria
  • Be a member of the official Uno Re Telegram.
  • Be following the official Uno Re Twitter account.
Users who are part of the programme should have a verified Discord ID and can join the Uno Re Discord server here.
The Bug Bounty programme
Similar to last time, we’ve decided to host a combined 200,000 USD Bug Bounty programme for our V2 launch.
Despite constant checks by our developers and audits, we can never be sure of where we’ve missed out! For this reason, we launch our community-based bug bounty programme for users to further help our developers by reporting bugs or vulnerabilities within our dApp.
Rewards will be distributed to users based on severity. Vulnerabilities are classified by severity as follows:
Critical
  1. Leak of Funds/Significant Loss of tokens from Core Smart Contracts of Uno Re. The loss of funds should be greater than or equal to 5% of the total locked funds.
  2. Unauthorized system privileges.
  3. Serious logic design flaws and process defects.
High
  1. Leak of Funds/Significant Loss of tokens from Core Smart Contracts of Uno Re. The loss of funds is less than or equal to 5% of the total locked funds.
  2. Unauthorized edit access to sensitive information.
  3. Unauthorized sensitive operations.
Medium
  1. Vulnerabilities that require interaction and affect users.
  2. General unauthorized operations.
  3. Gas Optimization bugs.
  4. Vulnerabilities that damage the protocol state.
Low
  1. Direct denial of service and Local denial of service vulnerabilities, CSRF (cross-site request forgery), reflected-XSS, and so on.
  2. Information leakage, such as path information, SVN information, exception information, and so on.
  3. Using outdated versions of a system, supporting outdated versions of an encryption protocol, such as SSL (secure-sockets layer) or TLS (transport-layer security) 1.0, supporting low-strength encryption algorithms.

Exclusions

The following vulnerabilities are excluded from the rewards for this bug bounty programme:

  • Attacks that the reporter has already exploited themselves, leading to damage
  • Attacks that rely on social engineering
  • Attacks requiring access to leaked keys/credentials
  • Not to exclude oracle manipulation/flash loan attacks
  • Basic economic governance attacks (e.g. 51% attack)
  • Lack of liquidity

How to report these Bugs/Vulnerabilities to us?

To ensure utmost transparency and fairness, we have created a channel dedicated to the bug bounty programme.
Users who have gained the Tester Role on Discord will only be part of this channel and will be able to report bugs they have found on the form here.
Reporting Process:
We have devised a meticulous method to make this process as efficient as possible.
The following symbols represent the process of how the team will handle the reported bugs found in the programme:
Bug Accepted -
Bug Rejected - 🔴
Bug Processing - 🔵
Bug Fixed -
The severity of the bug will further be represented as the following:
Critical -
High -
Moderate -
Low -
As and when bugs are being reported, the Developer and Security teams of Uno Re will promptly take action to fix the vulnerability.
We appreciate all the love and support we have received since the beginning. This is the start of an epic journey and we can’t wait to re-define the crypto ecosystem and take it to new heights!