INTChain Security-vulnerabilities and Threat-intelligence Bounty Programme


Scope of Business

The INT main chain's consensus layer, network layer, local wallet, web wallet, mobile wallet (iOS and Android), private key management, serialization, and other security issues related to all RPC interfaces.

Main chain code address: https://github.com/intfoundation/int (For related deployment documentation, please refer to Readme)

Web Wallet URL: https://wallet.intchain.io/#/

Web wallet code address: https://github.com/intfoundation/intchain-wallet

Mobile wallet address: https://fir.im/5r42

Processing Flow

Reporting Stage

The reporter visits the "SlowMist Zone" website and goes to "Submit Bug Bounty" (URL: https://slowmist.io/en/bug-bounty.html) to submit threat intelligence (status: to be reviewed).

Processing Stage

1. Within one working day, the SlowMist Security Team will confirm the threat intelligence report from the "SlowMist Zone", follow up, evaluate the problem, and feed the intelligence back to the INTChain contact person in the meantime (status: under review).

2. Within three working days, the INTChain technical team will deal with the problem, draw conclusions and record points (status: confirmed / ignored). They will communicate with the reporter if necessary, and ask the reporter for assistance.

Repairing Stage

1. The INTChain business department shall repair the security problems in the threat intelligence and update online (status: repaired). The repair timeframe depends on the severity of the problem and the difficulty of the repair. Generally speaking, it is within 24 hours for critical and high-risk problems, within 3 working days for medium-risk problems, and within 7 working days for low-risk problems. App security issues are limited by the version release, so their repair timeframe is decided on a case-by-case basis.

2. The reporter will review whether the security problem has been repaired (Status: reviewed/reviewed with objection).

3. After the reporter confirms that the security problem is repaired, the INTChain technical team will inform the SlowMist Security Team of the conclusion and the vulnerability score. They will issue rewards with the SlowMist Security Team (status: completed).

Vulnerability Level and Reward Standards

| Level | INT Reward* | SlowMist Zone Reward* |
|---|---|---|
| Critical | 500 ~ 700 USDT | 512 SLOWMIST |
| High | 300 ~ 500 USDT | 256 SLOWMIST |
| Medium | 100 ~ 300 USDT | 100 SLOWMIST |
| Low | 30 ~ 100 USDT | 32 SLOWMIST |

*Remark: The INT reward will be issued in INT, with the amount depending on the INT/USDT price on OKEX the day before the release.

*SLOWMIST is an Ethereum ERC20 token, the ecological incentive token for the SlowMist Zone.

Critical Vulnerabilities

A critical vulnerability is a vulnerability that occurs in the core business system (public blockchain core business, wallet core functions, etc.) and can cause a severe impact.

This includes but is not limited to:

High-risk Vulnerabilities

Medium-risk Vulnerabilities

Low-risk Vulnerabilities

Vulnerabilities that are not accepted at the moment (even if such a vulnerability is submitted, it will be ignored)

Special thanks to the Xianzhi vulnerability classification criteria, which are referenced here.