Bug Bounty Policy
How to engage with Mintbase and qualify for rewards when you discover issues with our platform.
Join our Telegram channel dedicated to security issue reporting and describe the nature of the bug or vulnerability. Here are a few examples:
Calling contract method xyz results in incorrect state.
zyx to smart contract method call results in an unpredicted downstream XCC
Header injection when calling a Mintbase-owned HTTPS endpoint results in 200 vs 403
Once we have verified there is an issue, our team will work with you directly to fix the issue. Only when the issue has been verified as fixed by the Mintbase team will we proceed with payment.
The base amount for a verifiable issue is 500 USD. For a larger issue that could have lasting impacts on the future of Mintbase users, the amount can increase substantially. This determination is at the sole discretion of our security and leadership teams.
Only when an issue has been verified as fixed will we issue payment. At the time of this writing, payments will be made in NEAR token; however, other fiat channels and tokens will be considered depending on the circumstances.
Problems with smart contracts (we are working actively with auditing companies) that could enable unauthorized parties to perform state mutations they shouldn't be authorized to perform.
Exploits on client programs that could cause degradations of performance, or incorrect arguments sent to blockchain transactions.
And of course, all the ones that we haven't thought of yet.
Wear a white hat, bring us a legit report and you will be rewarded appropriately.
We view open source software as a collaborative effort and are friendly to work with.