Bug Bounty Program

Objective: To identify and fix vulnerabilities in the game, smart contracts, and user interfaces to ensure a safe and secure gaming experience.

In-Scope:

  1. Smart Contracts: Vulnerabilities that could lead to theft of funds or disruption of distribution.

  2. Game Mechanics: Exploits that allow players to gain unfair advantages or manipulate game outcomes.

Out-of-Scope:

  1. Minor bugs (typos, UI issues) not affecting functionality.

  2. Issues already reported and acknowledged.

  3. Attacks against other players (social engineering, phishing).

Reward Structure:

  • Critical Vulnerabilities: $1,500

    • Examples: Loss of funds.

  • High Vulnerabilities: $1,000

    • Examples: Smart contract logic flaws, significant game mechanic exploits.

  • Medium Vulnerabilities: $500

    • Examples: API vulnerabilities, session fixation.

  • Low Vulnerabilities: $100

    • Examples: Minor security issues, non-critical bugs.

Submission Process

  1. Report Submission:

    • Submit a ticket in the official The Pit Discord.

    • Include a detailed description of the bug, steps to reproduce, and potential impact.

  2. Eligibility:

    • Only reports from legitimate researchers and players are accepted.

    • All submissions must be made in good faith and not result in harm to users or the game environment.

Guidelines

  • Confidentiality: Researchers must keep their findings confidential until resolved.

  • Responsible Disclosure: Provide a reasonable timeline for the team to respond and fix the reported vulnerabilities.

  • No Testing on Live Players: Testing should not disrupt the experience of other players.
