Bug Bounty Program

Objective: To identify and fix vulnerabilities in the game, smart contracts, and user interfaces to ensure a safe and secure gaming experience.

In-Scope:

Smart Contracts: Vulnerabilities which could lead to theft of funds or disruption of distribution.
Game Mechanics: Exploits that allow players to gain unfair advantages or manipulate game outcomes.

Out-of-Scope:

Reward Structure:

Critical Vulnerabilities: $1,500
- Examples: Loss of funds
High Vulnerabilities: $1,000
- Examples: Smart contract logic flaws, significant game mechanic exploits.
Medium Vulnerabilities: $500
- Examples: API vulnerabilities, session fixation.
Low Vulnerabilities: $100
- Examples: Minor security issues, non-critical bugs.

Report Submission:
- Submit a ticket in the official The Pit discord.
- Include a detailed description of the bug, steps to reproduce, and potential impact.
Eligibility:
- Only reports from legitimate researchers and players are accepted.
- All submissions must be made in good faith and not result in harm to users or the game environment.

Confidentiality: Researchers must keep their findings confidential until resolved.
Responsible Disclosure: Provide a reasonable timeline for the team to respond and fix the reported vulnerabilities.
No Testing on Live Players: Testing should not disrupt the experience of other players.

Last updated 8 months ago

Objective: To identify and fix vulnerabilities in the game, smart contracts, and user interfaces to ensure a safe and secure gaming experience.

In-Scope:

Smart Contracts: Vulnerabilities which could lead to theft of funds or disruption of distribution.
Game Mechanics: Exploits that allow players to gain unfair advantages or manipulate game outcomes.

Out-of-Scope:

Reward Structure:

Critical Vulnerabilities: $1,500
- Examples: Loss of funds
High Vulnerabilities: $1,000
- Examples: Smart contract logic flaws, significant game mechanic exploits.
Medium Vulnerabilities: $500
- Examples: API vulnerabilities, session fixation.
Low Vulnerabilities: $100
- Examples: Minor security issues, non-critical bugs.

Report Submission:
- Submit a ticket in the official The Pit discord.
- Include a detailed description of the bug, steps to reproduce, and potential impact.
Eligibility:
- Only reports from legitimate researchers and players are accepted.
- All submissions must be made in good faith and not result in harm to users or the game environment.

Confidentiality: Researchers must keep their findings confidential until resolved.
Responsible Disclosure: Provide a reasonable timeline for the team to respond and fix the reported vulnerabilities.
No Testing on Live Players: Testing should not disrupt the experience of other players.

Last updated 8 months ago