LogoLogo
  • Welcome
  • About Vision.io
  • General Information
    • DNS - Domain Name System
      • Brief History of DNS
      • How Does DNS Work?
      • Key Components of DNS
      • DNS and Blockchain
    • ENS - Ethereum Name Service
      • Subdomains
      • Registrations
      • Expirations
      • Renewals
      • Records
    • Web2 Domain Tokenization
  • REGISTER ENS
    • Simple Search
    • Bulk Search
    • Bulk Register ENS
    • Bulk Premium ENS Registration
  • Buy ENS
    • (Bulk) Purchase ENS
    • (Bulk) ENS Offers
  • ENS AUCTIONS
    • Dutch Auctions
  • Sell ENS
    • (Bulk) List ENS
    • Offers/Bids
    • Marketplace Fee
  • UNDERSTANDING TX FEES
    • Actions that Cost Gas
    • Gas-Free Actions​
  • PROFILE FEATURES
    • 📤(Bulk) Transfer ENS
    • ⏳(Bulk) Renew ENS
      • Renewal Fees
    • 🛂Set Controller
    • 👨‍🔧Set primary name
      • How to set your primary name
    • 👤Set Avatar
      • Add GIF Avatar
    • 📞Set Records
    • Link Multiple Wallets
    • 🎨Set Profile Banner
    • 🧡Like Counter
    • 🔄Refresh Metadata
    • 🌟Edit your web3 Profile - Quick Access Menu
    • ⭐Watchlist
    • 💬Notifications
    • 💯Vision Score (BETA)
  • SUBNAMES
    • What are Subnames
      • Wrap your name - Make ENS name Submintable
        • Why does a parent name need to be wrapped for creating subnames?
    • Subname Store
      • Adjust the minting price of your subnames
    • Manage Subdomains
      • Set Subdomain as primary ENS
      • Transfer Subdomain
      • Set Subdomain Avatar
  • BASICS
    • Telegram Notifications
    • E-Mail Notifications
    • Connect / Disconnect Wallet
    • Enable Dark Mode / Light Mode
    • Toggle List Modes
    • Colour Codes on Cards
    • Gas Meter/Gwei
    • Simple Search via Top Search Bar
  • Categories
    • Category Basics
    • Collection Offers
      • Creating Collection Offers
        • Canceling a Collection Offer
    • Sweep the Floor
    • Category Analytics
    • Category Verification
    • Category Submissions
      • Subcategory Submissions
  • Top Asked Questions
    • ENS
  • TERMINOLOGY
    • Glossary
  • Vision Partners
    • EFP - Ethereum Follow Protocol
    • My.Box
    • Namefi.io
    • 3DNS
    • NameAI - Namehash Labs
    • Afternic
  • BUG BOUNTY PROGRAM
    • Bug Bounty Program
  • BROKERAGE
    • Disclaimer
    • Enable Brokerage
  • USEFUL LINKS
    • Connect & Learn
  • Privacy & Terms
    • Terms of Service
    • Privacy Policy
    • Privacy Notice
    • Cookie Policy
Powered by GitBook

Website

  • www.vision.io

About us

  • Team
  • Medium

Follow us

  • Twitter
  • Discord
  • Instagram
  • TikTok

Support

  • Submit a Ticket
  • Get Help
  • Tutorials

© 2024 - ENS Vision Pte Ltd.

On this page
  • Introduction
  • Rules and Rewards
  • Eligibility
  • Exclusions
  • Reward Determination
  • Considerations for Rewards
  • Important Legal Information
  • Evaluation by Chief Security Officer
  • Submitting a Bug

Was this helpful?

  1. BUG BOUNTY PROGRAM

Bug Bounty Program

Introduction

The Vision.io Bug Bounty Program is designed to encourage and reward members of the Web3 community for contributing to the security of our platform. This program is subject to change and may be cancelled at any time. Participation is subject to legal restrictions.


Rules and Rewards

Eligibility

  • Only issues not already known to the Vision team or previously reported by another user are eligible.

  • Public disclosure of a vulnerability, including exploitation on any public network, disqualifies it from a bounty.

  • The Vision team, ENS Vision PTE LTD employees, and those paid by ENS Vision PTE LTD are ineligible.

  • Only specific smart contracts are eligible. Issues in websites, UI/UX, or other infrastructure are excluded.


Exclusions

No bounties will be issued for:

  • UI/UX/Interface Issues: This includes cosmetic defects, layout issues, color scheme preferences, font styles, and other graphical elements that do not impact the security or functionality of the platform.

  • User Errors: Loss of money or functionality due to user mistakes, misunderstanding of features, or incorrect usage of the platform.

  • Network Failures: Issues arising from external network problems, including but not limited to ISP issues, DNS errors, or general internet connectivity problems.

  • Typos and Misspellings: Mistyped words, grammatical errors, or misspellings in any part of our website or documentation. While we appreciate corrections, they do not qualify for a bug bounty reward.

  • Non-Security Functional Issues: Reports of broken links, unresponsive buttons, or similar functional issues that do not pose a security risk.

  • Performance Complaints: General feedback about the platform's performance, speed, or efficiency that does not relate to a specific security vulnerability.

  • Duplicate Reports: Issues that have already been reported by someone else or are already known to the Vision team.


Reward Determination

Rewards vary by the severity of the vulnerability, based on the OWASP risk rating model.

The Vision team has sole discretion in determining eligibility, score, and reward size.

  • Critical: $ 500 - $ 1000 USD

  • High: $ 200 - $ 500 USD

  • Medium: up to $ 200 USD

  • Low: up to $ 150 USD

  • Note: up to $ 100 USD

For Example - this could mean: low = informational but important (API keys or API abuse etc.) medium = DoS where a part of our site could be broken critical = loss of funds / potentially XSS on a wallet-enabled page etc.


Considerations for Rewards

  • Quality of description: Clear, well-written submissions are preferred.

  • Reproducibility: Include test code, scripts, and detailed instructions.

  • Proposed fixes: Submissions with a clear fix description are valued higher.

Important Legal Information

  • The program is discretionary and not a competition.

  • We cannot issue awards to individuals in or from sanctioned countries (e.g., North Korea, Iran).

  • Participants are responsible for all taxes.

  • Any submitted patches must adhere to the repository's license.

  • Your testing must be lawful and not compromise any data not owned by you.


Evaluation by Chief Security Officer


Submitting a Bug

PreviousAfternicNextDisclaimer

Last updated 5 months ago

Was this helpful?

All bug bounty submissions will be thoroughly reviewed and valued by our Chief Security Officer, . The decision of the CSO will be final in determining the eligibility and reward for each submission.

Report bugs via our Help Portal:

lcfr.eth
https://help.portal.vision.io