Bug Bounty

This page contains information about the Bug Bounty Programme for the Uno Re Cohort I App launch.

Whitelisted users will now be able to access the dApp on the BSC Testnet and interact with it. Users can also participate in our Bug Bounty Programme (follow this space for more details on that!) and report critical vulnerabilities and bugs found on the App to earn up to 250,000 USD worth of rewards.

Interested users can get access to our App by submitting the whitelisting form.

Testnet Eligibility Criteria

  • Selected participants must have a balance of at least 100 $UNO in their BEP-20 wallet (wallet submitted in the Testnet form).

  • Be a member of the official Uno Re Telegram.

  • Be following the official Uno Re Twitter account.

Users who are part of the programme should have a verified Discord ID and can join the Uno Re Discord server here.

The Bug Bounty programme

We've taken on the ambitious goal of being the leading insurance provider in the crypto-insurance space - Uno Re is always looking to protect our system and partners better. We typically conduct complete unit tests with an internal audit and put our Mainnet smart contracts through external audits too, but you can never be too careful.

This is precisely why we've decided to launch a community-based bug bounty programme to invite security researchers to report any bugs or vulnerabilities they discover to the team.

Once we receive a notice of a vulnerability/bug, our DevOps and Security teams will respond quickly to address the issue and ensure that we deliver the best possible final product to our users. Those who report a vulnerability will also be eligible for a monetary “bounty” based on the risk associated with the exposure and the importance of the affected system.

Rewards will be distributed to users based on severity. The following list outlines how the various vulnerabilities would be classified by severity:

Critical

  1. Leak of Funds/Significant Loss of tokens from Core Smart Contracts of Uno Re. The loss of funds should be greater than or equal to 5% of the total locked funds.

  2. Unauthorized system privileges.

  3. Serious logic design flaws and process defects.

High

  1. Leak of Funds/Significant Loss of tokens from Core Smart Contracts of Uno Re. The loss of funds is less than or equal to 5% of the total locked funds.

  2. Unauthorized edit access to sensitive information.

  3. Unauthorized sensitive operations.

Medium

  1. Vulnerabilities that require interaction and affect users.

  2. General unauthorized operations.

  3. Gas Optimization bugs.

  4. Vulnerabilities that damage the protocol state.

Low

  1. Direct denial of service and Local denial of service vulnerabilities, CSRF (cross-site request forgery), reflected-XSS, and so on.

  2. Information leakage, such as path information, SVN information, exception information, and so on.

  3. Using outdated versions of a system, supporting outdated versions of an encryption protocol, such as SSL (secure-sockets layer) or TLS (transport-layer security) 1.0, supporting low-strength encryption algorithms.

Almost Certain   | $2,000 | $4,000 | $9,000   | $15,000
Likely           | $800   | $1,000 | $1,500   | $3,000
Possible         | $500   | $700   | $900     | $1,200
Unlikely         | $200   | $300   | $600     | $900
Highly Unlikely  | $100   | $200   | $350     | $600
                 | Low    | High   | Moderate | Critical

Exclusions

The following vulnerabilities are excluded from the rewards for this bug bounty programme:

  • Attacks that the reporter has already exploited themselves, leading to damage

  • Attacks that rely on social engineering

  • Attacks requiring access to leaked keys/credentials

  • Not to exclude oracle manipulation/flash loan attacks

  • Basic economic governance attacks (e.g. 51% attack)

  • Lack of liquidity

How to report these Bugs/Vulnerabilities to us?

To ensure utmost transparency and fairness, we have created a channel dedicated to the bug bounty programme.

Only users who have gained the Tester Role on Discord will be part of this channel, and they will be able to report bugs they have found on the form here.

Reporting Process:

We have devised a meticulous method to make this process as efficient as possible.

The following symbols represent how the team will handle the bugs reported in the programme:

Bug Accepted -

Bug Rejected - 🔴

Bug Processing - 🔵

Bug Fixed -

The severity of the bug will further be represented as the following:

Critical -

High -

Moderate -

Low -

As and when bugs are being reported, the Developer and Security teams of Uno Re will promptly take action to fix the vulnerability.

We appreciate all the love and support we have received since the beginning. This is the start of an epic journey and we can’t wait to re-define the crypto ecosystem and take it to new heights!