Announcing the Nimbus Bug Bounty Program

We are thrilled to announce that the Nimbus Bug Bounty program is about to kick off!

Those of you who find bugs in the Nimbus code before July 1 can receive rewards from a total fund of 50,000 NBU! Find more details below.

Our highest priority is the security and efficiency of all Nimbus solutions. That’s why we are offering our community members an opportunity to submit their input on strengthening the security of the platform.

But of course, we want to show our appreciation towards our bug hunters. So, we offer up to 50,000 NBU in rewards to up to 20 participants who succeed in this program.

Rewards

Nimbus shall use the CVSS vulnerability scoring system to assess the severity of the bugs that you hunt. The reward fund shall be divided by threat level as specified below:

Please note that if there are no winners at some of the levels, the level’s reward fund will not be divided between other levels’ winners. Instead, it will remain unused.

On the other hand, if we receive more than 5 great applications within one level, we may provide an extra prize of up to 5,000 NBU for those who do not get rewards from the core reward fund outlined above.

Program Duration

The Bug Bounty shall begin on the 1st of April 2021 and is scheduled to end on the 1st of July 2021.

Winners shall be picked by July 12 and the rewards shall be airdropped to the winners’ wallets in the following days.

Scope of the Program

The Nimbus Bug Bounty program covers the majority of the smart contract components that have been published on the Nimbus GitHub to date. The scope includes NBU, NBU Staking, NBU LP Staking, all auxiliary software for GNBU, Staking family GNBU, DAO, and P2P Exchange. They can be found in the following repositories:

1. Nimbus Swap Machine
https://github.com/nimbusplatformorg/nim-smartcontract/tree/master/src/Swaps

2. NBU
https://github.com/nimbusplatformorg/nim-smartcontract/blob/master/src/NimbusCore/NBU.sol

3. Nimbus Soft Staking
https://github.com/nimbusplatformorg/nim-smartcontract/blob/master/src/Staking/StakingRewardsSameTokenFixedAPY.sol

4. Nimbus Hard Staking
https://github.com/nimbusplatformorg/nim-smartcontract/blob/master/src/Staking/LockStakingRewardSameTokenFixedAPY.sol

5. Auxiliary software for GNBU
https://github.com/nimbusplatformorg/nim-smartcontract/blob/master/src/Governance/GNBU.sol

6. GNBU Soft Staking Family
https://github.com/nimbusplatformorg/nim-smartcontract/blob/master/src/Staking/StakingRewardsFixedAPY.sol

7. GNBU Hard Staking Family
https://github.com/nimbusplatformorg/nim-smartcontract/blob/master/src/Staking/LockStakingRewardMinAmountFixedAPY.sol

8. Nimbus DAO
https://github.com/nimbusplatformorg/nim-smartcontract/blob/master/src/Governance/NimbusGovernorV1.sol

9. Nimbus P2P Exchange
https://github.com/nimbusplatformorg/nim-smartcontract/tree/master/src/dApps/P2PP2P

Areas of Interest

These are some of the bugs and vulnerabilities that we are especially interested in:

• Logic errors
• Congestion and scalability
• Cryptography issues
• Missing access controls, unprotected or debugging interfaces
• Token manipulation
• Liquidity exploits

Out of Scope

• Attacks that the hunter has identified and exploited, leading to damages
• Attacks requiring access to leaked keys and credentials
• Lack of liquidity
• Best practices, opinions and critiques
• Sybil attacks

The following activities shall result in disqualification:

• Phishing or social engineering attacks against the Nimbus users or team
• Testing with malicious or third-party systems or websites such as browser extensions, advertising networks, or SSO providers
• Denial of service attacks
• Automated or bot testing that generates heavy traffic
• Public disclosure of unamended or unpatched vulnerabilities

Terms

Reporting a Vulnerability

Any vulnerability or bug discovered should be reported only to the Nimbus team at bugbounty@nimbusplatform.io. Bounty hunters should not disclose the vulnerability or the bug policy to another party before contacting the Nimbus team. Please ensure that you disclose the bug to the Nimbus team as soon as you discover it since speed matters!

To help us grasp the full context of the bug or vulnerability, we would appreciate it if you include as much information as possible in your emails. Some of the topics that you can touch upon are:

Overall, the more detailed your vulnerability report is, the higher your chances of receiving the rewards! So make sure to include as many details as you can.

Good luck to all the participants!

Finally, we would like to wish all our community members the best of luck with this program. We are glad to have you on board, assisting in maintaining the well-being and prosperity of the Nimbus platform and all users.

As usual, if you have any questions regarding the Nimbus bug bounty program, please type your queries in the official Nimbus Telegram Chat.

Website: https://nimbusplatform.io/

Twitter: https://twitter.com/nmbplatform

Telegram: https://t.me/Nimbus_Platform_ENG

Nimbus is a DAO-governed platform that offers 16 earning strategies for users boosted by multiple layers of risk-management. https://nimbusplatform.io/
