To ensure the security and proper functioning of our websites and applications, Trace Labs has launched a dedicated bounty program. Each submission will be evaluated based on its severity, and the severity determines the bounty reward.
- Minor Bug: 50 TRAC
- Medium Bug: 250 TRAC
- Serious Bug: 500 TRAC
- Critical Bug: 1000 TRAC
- Severity Assessment: The severity of each bug will be determined solely at the discretion of Trace Labs, based on both the likelihood and impact of the bug. All reward decisions are final.
- Submission Process: Please send your bug reports to [email protected], with the subject "WEBSITE/APP BUG BOUNTY." We will evaluate the severity of the bug upon receipt and contact you with further information. Submissions through other channels (e.g., social media) will not be accepted.
- SQL injection.
- Cross-site scripting (XSS).
- Cross-site request forgery (CSRF).
- Remote code execution (RCE).
- Insecure configurations in web servers, databases, and application frameworks.
- Session hijacking and clickjacking.
- Sensitive data exposure.
- Unauthorized access to user accounts.
- Bypassing authentication mechanisms.
- Credentials exposure.
- Logic bypasses.
**Title:** [Short description of the vulnerability]
**Description:**
[A detailed description of the vulnerability, including what it is and how it can be exploited]
**Steps to Reproduce:**
1. [First step]
2. [Second step]
3. [Further steps as necessary]
**Proof of Concept:**
[Include any screenshots, videos, or code snippets]
**Impact:**
[Explain the potential impact of the vulnerability]
**Suggested Fix:**
[Provide recommendations for how to fix the issue]
**Additional Information:**
[Any other information that might be relevant]
Please ensure that your testing does not harm any live contracts on public networks; otherwise, you will not be eligible for a bug bounty.
Leaking any smart contract vulnerability on social media platforms or public channels will lead to cancellation of the bounty and might also invite legal action.
We cannot issue rewards to individuals on sanctions lists, or who are in countries on sanctions lists. You are responsible for any tax implications depending on your country of residency and citizenship. There may be additional restrictions depending upon your local law.
This is a discretionary rewards program. We can cancel the program at any time, and the decision to pay a reward is entirely at Trace Labs' discretion.
Your testing must not violate any law, or disrupt or compromise any data that is not your own.
{% hint style="warning" %} To avoid potential conflicts of interest, we will not grant rewards to Trace Labs employees, employees who have left Trace Labs within the last 2 years, and contractors. {% endhint %}