Penguinswap Bug Bounty: Secure the Future, Earn Rewards

Creditcoin Team -

The Penguinswap Bug Bounty Program invites you to contribute to the security and integrity of the Creditcoin protocol, and we're committing up to 20,000 CTC (G-CRE) to reward the bugs you find! With the launch of the Penguinswap DEX, your bug discoveries can have a significant impact on the DEX experience. You can earn rewards based on the severity of any valid bug reports you submit.

Let's collaborate to build a stronger and more secure ecosystem. This guide provides details on the program’s rewards, scope, and submission process.

Rewards

Each valid bug report will be rewarded based on its severity, ensuring contributors are recognized for their impact in strengthening our platform. While rewards are fixed in USD, payouts will be made in the equivalent amount of CTC (G-CRE) calculated using the exchange rate at the time of distribution to maximize fairness and transparency.

Severity Levels

Bugs are classified based on their severity:

Severity Range
Low Severity $10-$99
Medium Severity $100-$399
High Severity (CVSS 1.6 - 3.5) $400-$699
Critical Severity (CVSS 3.6 - 5.9) $700-$999
Extreme Severity (CVSS 6.0 - 10.0) $1000-$1500

Higher severity bugs are assessed by our team using the Common Vulnerability Scoring System (CVSS). The CVSS metrics include:

  • Attack Vector (AV): Exploit method (e.g., network vs. physical)
  • Attack Complexity (AC): Expertise needed to exploit
  • Privileges Required (PR): Level of access required
  • User Interaction (UI): User involvement is necessary
  • Scope (S): Impact on the system
  • Confidentiality, Integrity, Availability (CIA): Effects on system security

Submission Process

  1. Prepare a Report: Document your findings, including:
    • A detailed description of the bug
    • Steps to reproduce the issue
    • A video demonstrating the bug in action
  2. Submit Your Report: Fill out the Bug Submission Form and attach your report.

Scope

In-Scope Issues

  • Exploitable vulnerabilities in deployed environments
  • Functional issues that degrade user experience or create vulnerabilities

Out-of-Scope Issues

  • Issues requiring a compromised environment
  • Non-exploitable product deficiencies
  • Third-party services and websites
  • Phishing, clickjacking, or social-engineering tactics
  • Configuration issues that are explained in existing documentation
  • Use of wallets other than Credit Wallet

Eligibility

Reports are considered ineligible if they meet any of the following criteria:

  1. They rely on physical attacks or social engineering.
  2. They involve outdated or unpatched browsers.
  3. They were made public prior to the release of a fix.
  4. They are duplicates of previously reported issues.
  5. They lack reproducibility or proof of concept.

Guidelines for Participants

  • Submissions must be in plain text and adhere to the reporting format.
  • Bug classification and rewards are at the discretion of the Creditcoin development team.
  • Rewards are distributed on a first-come-first-serve basis.

Get Started

Your expertise is vital to the success of our Testnet Bug Bounty Program. Let's build a secure and robust Creditcoin protocol together! Ready to dive in? Learn more about interacting with Penguinswap, join our Discord community to connect with fellow penguins, or head straight over to Penguinswap and start swapping today!