Skip to main content

Bug Bounty Program

Version 1.0 - December 2023

Disclaimer

The information presented in this Bug Bounty Paper is for informational purposes only and is subject to change. While every effort has been made to ensure the accuracy and completeness of the information contained in this document, Soarchain makes no guarantee and accepts no responsibility for the correctness of any statements or representations made herein. The strategies, plans, and procedures outlined in this paper are still evolving and will be updated periodically to reflect the latest developments and enhancements in the Soarchain ecosystem.

This document does not constitute a final and definitive guide to the Soarchain Bug Bounty Program. Participants and readers are advised to stay updated with Soarchain's official communications for the most recent version of the program details. The current version of this paper is an initial framework that is subject to modifications based on community feedback, technological advancements, and strategic decisions made by the Soarchain team.

We encourage our community members to actively participate in providing feedback and suggestions for the ongoing development of this program. Your input is valuable in helping us create a robust, secure, and community-driven ecosystem.

Introduction

The Soarchain Bug Bounty Program is designed to encourage members of the community, including validators, to contribute towards identifying and resolving bugs or vulnerabilities within the Soarchain network. This program aims to foster a robust, secure, and efficient ecosystem by incentivizing the discovery and reporting of issues in various components of the network.

Scope

The program covers all components of the Soarchain network, including but not limited to:

  • Blockchain Core
  • Smart Contracts
  • Soarchain Connect App
  • Node Software
  • APIs and Integrations
  • Soarchain devices
  • Websites and Documentations

Rewards

Rewards will be distributed in SOAR tokens and are based on two key factors: the severity of the issue (impact on the network and users) and the gravity of the issue (type and complexity). The rewards are categorized as follows:

Critical Issues (High Severity & High Gravity):

  • Impact: Widespread impact, affecting a significant portion of the network or critical system components.
  • Reward: Up to 10,000 SOAR tokens.

Major Issues (High Severity & Medium Gravity):

  • Impact: Affects several users or crucial network functionalities, but not at a widespread level.
  • Reward: Up to 5,000 SOAR tokens.

Moderate Issues (Medium Severity & Variable Gravity):

  • Impact: Affects limited users or has potential for more significant impact if not addressed.
  • Reward: Up to 2,000 SOAR tokens.

Minor Issues (Low Severity & Any Gravity):

  • Impact: Minor impact with no immediate threat to the network or users.
  • Reward: Up to 500 SOAR tokens.

Suggestions and Enhancements:

  • Impact: Proposals for improvements, optimizations, or feature requests.
  • Reward: Up to 250 SOAR tokens, based on the potential impact and feasibility.

Submission Process

  • Report Submission: Participants must submit a detailed report of the discovered issue to the designated Discord ticket portal or email address (info@soarrobotics.com).

  • Report Review: The Soarchain team will review the submission to assess the validity, severity, and impact of the reported issue.

  • Communication: If additional information is required, the Soarchain team will communicate with the participant.

  • Reward Assessment: Once verified and classified, the reward will be determined based on the above criteria.

  • Payment: Rewards will be distributed to the participant's specified wallet address.

Terms and Conditions

Participants must not exploit any vulnerability in a manner that harms Soarchain or its users. Issues already known to the Soarchain team or reported in an ongoing resolution process are not eligible for rewards. The final decision on the reward amount lies solely with the Soarchain team. Participants must adhere to legal and ethical guidelines while conducting their analysis.

Confidentiality

Participants must keep the details of any discovered vulnerabilities confidential and not disclose them publicly or to any third party without explicit permission from the Soarchain team.

Conclusion

The Soarchain Bug Bounty Program is a crucial initiative in our ongoing effort to ensure the security and stability of the Soarchain network. We value and encourage active participation from our community in making Soarchain a secure and reliable platform for all users.