everiToken is world's first token-customized public chain aiming to be the best infrastructure to tokenize everything and for token economy. After a successful mainnet launch on 2018/07/31, everiToken has achieved high TPS(5,000+), high security and high standardization
In Scope
Target |
Type |
Severity |
Reward |
SDK - evtjs * EVT JavaScript SDK - https://github.com/everitoken/evtjs |
SDK |
Critical |
Bounty |
Blockchain - evt * everiToken public blockchain - https://github.com/everitoken/evt |
Blockchain |
Critical |
Bounty |
Documentation
In-Scope Vulnerabilities
Common examples of security issues in scope of the program for EVT are listed below:
- Single Node DoS - any node crash via API, requests etc.
- EVT DoS - blockchain crash via breaking consensus, API and other requests etc.
- API access control violations - gaining access to privileged functions
- Attacks on cryptography
- Transaction / messages malleability
- Lack of validation for transactions, blocks etc.
- Standards violations
- For issues that are not listed above, EVT appreciates reports that demonstrate vulnerabilities for the blockchain. Those reports are rewarded in accordance to the severity of the vulnerability.
- Avoid compromising any personal data, interruption or degradation of any service .
- Don’t access or modify other user data, localize all tests to your accounts.
- Don’t exploit any DoS/DDoS vulnerabilities, social engineering attacks or spam.
- In case you find chain vulnerabilities we pay only for vulnerability with the highest severity.
- Only the first valid bug is eligible for reward.
- Don’t disclose publicly any vulnerability until you are granted permission to do so.
- Don’t break any law and stay in the defined scope.
- Comply with the rules of the program.
- The rewards will be paid out in HKN based on the current price.
- Any details of found vulnerabilities must not be communicated to anyone who is not a HackenProof Team or an authorized employee of this Company without appropriate permission.
In Scope
Scope Type |
Scope Name |
undefined |
SDK - evtjs |
undefined |
Blockchain - evt |
On this program you get up to 5000.0 HKN for the most critical vulnerability.