Completed
2022/08/03 → 2022/11/01, 13:54

DoraHacks Bug Bounty

1000USDC
  • Development
  • websites
  • contracts
  • Bug
  • Security
Funder
DoraBugBounty
@DoraBugBounty
contact
DoraBugBounty
@DoraBugBounty
Multiple-winner bounty

Program Overview

DoraHacks is a global hacker movement and the world’s most active multi-chain Web3 developer incentive platform.

The platform offers hackathons, bounty, quadratic funding, privacy voting, and other community governance/funding toolkits. In addition, over 40 major Web3 ecosystems are currently using Dora infrastructures to fund their open source communities.

More than 2000 projects from the DoraHacks community have received over $21.5 million in grants and hackathon prizes.

For more information about DoraHacks, please visit https://dorahacks.io

Reward by Threat Level

All bug reports must come with a Proof of Concept (PoC) with an end-effect impacting an asset-in-scope in order to be considered for a reward. Explanations and statements are not accepted as PoC; code is required.

Payouts are handled by the DoraHacks team directly and are denominated in USDC.

  • Submit Form
    • Google Docs
  • Threat Level
    • Critical, 300$
    • High, 200$
    • Medium, 100$

Impacts in scope

Smart Contract

  • Critical
    • Direct theft of any user funds
    • Permanent freezing of funds
    • Break the logic to change a user value, e.g. vote record, staking value

Websites and Applications

  • Critical
    • Direct theft of any user funds
  • High
    • Take over a user account
    • Change website data without admin permission
  • Medium
    • Change user data without login
    • Website display or business logic error
  • Ignore
    • Theoretical vulnerabilities without any proof or demonstration
    • DDoS attack
    • Attacks requiring physical access to the victim device
    • Reflected plain text injection, e.g. URL parameters, path, etc.
      • This does not exclude reflected HTML injection with or without JavaScript
      • This does not exclude persistent plain text injection

Assets in scope

Contract-Qf-Grant

https://github.com/dorahacksglobal/qf-grant-contract

Contract-DoraStacking

https://github.com/dorahacksglobal/vc-dora-contract

Website-Buidls, Grant, Bounty, Hackathon

https://dorahacks.io/

Website-Stacking for voters

https://dao.dorahacks.io/

Activities
  • The bounty was completed on 2023/01/03 09:08

  • Sndky submitted a solution on 2022/08/18 10:58

  • The bounty was created on 2022/08/03 21:54