YOYOW mainnet, source code address: https://github.com/yoyow-org/yoyow-core
The reporter visits "SlowMist Zone" website and goes to "Submit Bug Bounty" (URL：https://slowmist.io/en/bug-bounty.html) to submit a threat intelligence. (Status: to be review)
1. Within one working day, the SlowMist Security Team will confirm the threat intelligence report from the "SlowMist Zone", follow up, evaluate the problem, and feed the intelligence back to the YOYOW contact person in the meantime (status: under review).
2. Within three working days, the YOYOW technical team will deal with the problem, draw conclusions and record points (status: confirmed / ignored). They will communicate with the reporter if necessary, and ask the reporter for assistance.
1. The YOYOW business department shall repair the security problems in the threat intelligence and update online (status: repaired). The repairing timeframe depends on the problem severity and the repair difficulty. Generally speaking, it is within 24 hours for the critical and high-risk problems, within 3 working days for the medium-risk problems, and within 7 working days for the low-risk problems. The App security issue is limited by the version release, and the repairing timeframe is on a case-by-case basis.
2. The reporter will review whether the security problem has been repaired (Status: reviewed/reviewed with objection).
3. After the reporter confirms that the security problem is repaired, the YOYOW technical team will inform the SlowMist Security Team of the conclusion and the vulnerability score. They will issue rewards with the SlowMist Security Team (status: completed).
|Level||YOYOW Reward||SlowMist Zone Reward*|
|Critical||100,000 YOYO||512 SLOWMIST|
|High||50,000 YOYO||256 SLOWMIST|
|Medium||30,000 YOYO||100 SLOWMIST|
|Low||10,000 YOYO||32 SLOWMIST|
*Remark: the final award depends on the severity of the vulnerability and the true impact of the vulnerability, the values in the table are the highest rewards for each level.
*SLOWMIST is Ethereum ERC20 Token, the ecological incentive token for the SlowMist Zone.
Only the following design or safety issues that affect the stability or safety of the project are within the scope of the program. Common examples include:
The value of rewards paid out will vary depending on Severity. The severity is calculated according to the OWASP risk rating model based on Impact and Likelihood :
Special thanks to The xianzhi vulnerability classification criteria referred here.