Chronobank Bug Bounty Program
Welcome bounty hunters!
50 TIME for disrupting the system by exploiting source code.
100–200 TIME for finding flaws that allow stealing money or unauthorized balance change.
Most of the rules on bounty.ethereum.org apply. For example: First come, first serve. Issues that have already been submitted by another user or are already known are not eligible for bounty rewards.
Scope of The Bounty Program
Smart Contracts source code:
This repository consists of contracts related to LH and TIME token. Contracts in this repository have the highest priority and rewards.
This repository consists of CBE and LOC ethereum infrastructure + LH contract wrappers.
- TimeContract — Manages all time tokens purchased by funders.
- LHT Contracts — Manage LHT issuance, transfer and redemption
- Rewards Contract — Manages revenues from LHT fees.
- ChronoMint — Manages LOC Creation and Issuance
- LOC Contracts — Manage issuance of LHT by each Company
- Insurance Fund Contract — Manage lequidity and guarantee funds
For each of the above, vulnerabilities which allow loss of funds or improper change of settings should be reported
UI source code:
Out of scope:
¥ Bugs related to Web Browsers (Also as Mist and Metamask)
¥ All browser rendering bugs that don’t affect the display of critical information such as TIME and LHT balances and operations.
¥ Most user experience improvements on the frontend
Examples of what’s in scope
¥ Being able to withdraw more LHT or TIME than contributed
¥ Being able to obtain more LHT or TIME tokens than expected
¥ Being able to obtain LHT or TIME from someone without their permission
¥ Being able to exchange LHT or TIME to ETH and vise versa beyond exchange rate.
¥ Bugs in eth-lightwallet that lead to loss or theft of TIME or LHT
¥ Bugs causing a transaction to be sent that was different from what user confirmed: for example, user transfers 10 LHT in the UI, but exactly 10 wasn’t transferred.
Examples of what’s out of scope
¥ Most user experience improvements on the frontend, for example some part of user interface doesn’t update unless the page is refreshed
All findings should be submitted before the ICO ends. When ICO will be finished the bounty program and rewards will be reviewed.
Email your submissions to [email protected] with subject “Bug Bounty”