FundRequest /
platform #537
FundRequest /
platform #537
As a security auditor I log a medium security breach in FundRequest platform
Claimed
$
503
*
30,000.00
FND
500.00
DAI
Description
As FundRequest we want our community to audit the platform to make sure we get the best audit possible.
Scope of Ticket
- Only FundRequest code (not dependencies) on urls:
For automated testing, use the staging environment:
- Find a Medium security breach
A medium security breach as described in the OWASP risk rating methodology:
Reward
The first reward is $1 000 in tokens, for each subsequent major security issue the bounty is lowered by $100 in tokens.
Precondition
- The auditor must be logged into fundrequest
- The auditor must have experience in pentesting, security audits, ...
Flow: Create Pull Request
- Create a new issue in this repository
- Edit
https://github.com/FundRequest/platform/blob/develop/vulnerabilities.md - Add your name as an auditor
- Describe the security breach using the example template
- Create a pull request with a reference to the GitHub issue you created, this will be used by the FundRequest platform. (How to reference an issue in a GitHub Pull request?)
- FundRequest administrator(s) will review the pull request and validate the reported issue
Postcondition
- The auditor succesfully created a ticket and pull request
- The FundRequest team has successfully reviewed the pull request and funded the issue with $1,000 (or less) in tokens
- The FundRequest team merges the pull request
- The auditor can claim the funds
Acceptance criteria
- The reported issue is considered a medium security breach as stated in the ticket
- The security breach has to be unique.
- The first person reporting the breach will be awarded the bounty.
- The timestamp of the pull request will be used to define the first person who reported the security breach.
- The bug may only be reported in this the FundRequest Github repository and cannot be made public on other platforms/media without the consent of the FundRequest team.
- Determinations of eligibility, rewards and all terms related to an award are at the sole and final discretion of the FundRequest team.
- The bug is first discussed with the team on Telegram before disclosing
Comments
Comments posted on the request
Commented
Thank you @akhilcryptos for your code contribution. The reward linked to this issue has been transferred to your account.
Funded by
0x4f979bec0aeedae54f54d444959a3f07ae66dd6f
30,000.00
FND
500.00
DAI
Subtotal
30,000.00
FND
500.00
DAI
Total
503.12
USD
*
Claimed by
Subtotal
30,000.00
FND
500.00
DAI
Total
503.12
USD
*
This issue has been funded using FundRequest. A developer can claim the reward by submitting a pull request referencing this issue. (How to Close Issues via Pull Requests?) e.g.
fixes #537