Bug Bounty Program — ballena.io

ballena.io is launching a bug bounty program with payouts of up to $5,000, focused on finding vulnerabilities in the smart contracts and the blockchain code.

Reporting a Vulnerability

Link: https://discord.com/invite/7dJEAmMX

The ballena.io team will filter reported bugs through an exhaustive study of the matter. If a bug is confirmed, the triage team will notify the ballena.io devs so that they can immediately rectify the vulnerability, should they deem it valid.

Rewards by Threat Level

Payouts are handled by the ballena.io team directly and are denominated in USD. Payouts are made in BALLE tokens.

Smart Contracts and Blockchain

  • High Level USD $1000.
  • Medium Level USD $500.
  • Low Level USD $100.
  • None Level USD $0.

Our priority

  • Smart Contracts and Blockchain.
  • Re-entrancy.
  • Logic errors including user authentication errors.
  • Solidity/EVM details not considered including: integer over/under-flow, rounding errors & unhandled exceptions.
  • Trusting trust/dependency vulnerabilities including composability vulnerabilities.
  • Oracle failure/manipulation.
  • Novel governance attacks.
  • Economic/financial attacks including flash loan attacks.
  • Congestion and scalability including: running out of gas, block stuffing, susceptibility to frontrunning.
  • Consensus failures.
  • Cryptography problems.
  • Signature malleability.
  • Susceptibility to replay attacks.
  • Weak randomness.
  • Weak encryption.
  • Susceptibility to block timestamp manipulation.
  • Missing access controls / unprotected internal or debugging interfaces.

Out of Scope & Rules

  • Attacks that the reporter has already exploited themselves, leading to damage.
  • Attacks requiring access to leaked keys/credentials.
  • Attacks requiring access to privileged addresses (governance, strategist).

Smart Contracts and Blockchain

  • Not to exclude oracle manipulation/flash loan attacks.
  • Basic economic governance attacks (e.g. 51% attack).
  • Lack of liquidity.
  • Best practice critiques.
  • Sybil attacks.

The following activities are prohibited for our bug bounty program:

  • Any testing with mainnet or public testnet contracts; all testing should be done on private testnets.
  • Any testing with pricing oracles or third party smart contracts.
  • Attempting phishing or other social engineering attacks against our employees and/or customers.
  • Any testing with third party systems and applications (e.g. browser extensions) as well as websites (e.g. SSO providers, advertising networks).
  • Any denial of service attacks.
  • Automated testing of services that generate significant amounts of traffic.
  • Public disclosure of an unpatched vulnerability in a seized reward.

Community

Twitter: https://twitter.com/ballenaio
Discord: https://discord.gg/ydRbEAaqqc
Medium: https://medium.com/@ballena
Website: https://ballena.io
Telegram: https://t.me/ballenaenglish

ballena.io is a yield optimizing automated platform based on the BSC. Yield optimization has become one of the most profitable areas in the Crypto currency