MagnaChain Security-vulnerabilities and Threat-intelligence Bounty Programme

Table of Contents

Scope of Business

MagnaChain github warehouse address:

The scope of the vulnerability accepted is as follows:

Protocol security

Implementation security

Client protocol implementation security

Assuming that the protocols and algorithms are flawless, does a client implementation conform to the formal protocol specification? Issues could include:

Network security

This category focuses on generalized attacks on the whole network or a subset of it:

Client application security

This category addresses more classical security issues:

Cryptographic primitives security

This category includes:

Processing Flow

Reporting Stage

The reporter visits "SlowMist Zone" website and goes to "Submit Bug Bounty" (URL: to submit a threat intelligence. (Status: to be review)

Processing Stage

1. Within one working day, the SlowMist Security Team will confirm the threat intelligence report from the "SlowMist Zone", follow up, evaluate the problem, and feed the intelligence back to the MagnaChain contact person in the meantime (status: under review).

2. Within three working days, the MagnaChain technical team will deal with the problem, draw conclusions and record points (status: confirmed / ignored). They will communicate with the reporter if necessary, and ask the reporter for assistance.

Repairing Stage

1. The MagnaChain business department shall repair the security problems in the threat intelligence and update online (status: repaired). The repairing timeframe depends on the problem severity and the repair difficulty. Generally speaking, it is within 24 hours for the critical and high-risk problems, within 3 working days for the medium-risk problems, and within 7 working days for the low-risk problems. The App security issue is limited by the version release, and the repairing timeframe is on a case-by-case basis.

2. The reporter will review whether the security problem has been repaired (Status: reviewed/reviewed with objection).

3. After the reporter confirms that the security problem is repaired, the MagnaChain technical team will inform the SlowMist Security Team of the conclusion and the vulnerability score. They will issue rewards with the SlowMist Security Team (status: completed).

Vulnerability Level and Reward Standards

Level MagnaChain Reward* SlowMist Zone Reward*
Critical 15,000 ~ 20,000 MGC 512 SLOWMIST
High 10,000 ~ 15,000 MGC 256 SLOWMIST
Medium 5,000 ~ 10,000 MGC 100 SLOWMIST
Low 1,000 ~ 5,000 MGC 32 SLOWMIST

*SLOWMIST is Ethereum ERC20 Token, the ecological incentive token for the SlowMist Zone.

*The MGC will be issued after the MagnaChain mainnet launch. The amount of the award will be based on the severity of the vulnerability and will be recorded on the platform after the assessment is confirmed.

Critical Vulnerabilities

A critical vulnerability refers to the vulnerability occurs in the core business system (the core control system, field control, business distribution system, fortress machine and other control systems that can manage a large number of systems). It can cause a severe impact, gain business system control access (depending on the actual situation), gain core system management staff access, and even control the core system.

It is including but not limited to:

High-risk Vulnerabilities

Medium-risk Vulnerabilities

Low-risk Vulnerabilities

Vulnerabilities that are not accepted at the moment (even if such a vulnerability is submitted, it will be ignored)

Prohibited behaviors

Special thanks to The xianzhi vulnerability classification criteria referred here.