At blockimmo, we are building a regulated blockchain powered platform for shared property investments and ownership. We are engaging HackerOne to run a bug bounty to ensure that our platform is as secure as possible.

Disclosure Policy

• All issues should be reported through HackerOne's submit report form
• Follow HackerOne's disclosure guidelines __.

Program Scope

Both blockimmo.ch __and the smart contracts that power it are in scope for this bug bounty.

The smart contract code is available in this GitLab repository __, where we include detailed documentation to quickly get you started. The README provides installation and testing instructions, along with a high-level overview of the project, summarizing and linking to specific contracts where more thorough docs can be found.

Out of Scope:

• Code-style, gas optimization, and the spec.
• Previous versions of smart-contracts (anything older than the latest commit in the master branch in GitLab).
• Glitches in the User Interface / User Experience.
• Clickjacking on pages with no sensitive actions.
• Attacks requiring MITM, physical access to a user's device, or Social Engineering.
• Missing best practices in SSL/TLS configuration.
• Denial of service attacks.
• Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS.

Report Requirements

• Reports must provide steps to demonstrate the issue. Issues that cannot be reproduced will not be rewarded.
• Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.
• Must not be a duplicate of a previously raised issue. We only award the first report that was received (provided that it can be fully reproduced).
• Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.
• The person/group reporting the issue must not have been involved in blockimmo's development, auditing, or penetration testing.

Rewards

Our rewards will be based on the severity as determined by blockimmo's team. We will evaluate the overall risk by combining the likelihood with the impact as outlined in the following table.

{F333113}

Please see the structured bounty table for an overview of bounties by severity. These amounts are the base awards, and bonuses will be awarded at our discretion. Bonuses can be awarded for exceptionally high-quality issue reports or providing fixes. The bonuses and determinations of severity are at blockimmo's sole discretion.

Etiquette

• Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service.
• Do not perform any kind of DoS or DDoS attacks
• Only interact with accounts you own or with explicit permission of the account/address holder.
• Avoid polluting our production database with fake information

Safe Harbor

Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

Thank you for helping keep blockimmo and our users safe.