WEMIX Bug Bounty Program

WEMIX recognizes the importance of a comprehensive vulnerability disclosure framework facilitated
through Bug Bounty Programs designed to protect our community from potential security threats and exploitation.

Highest Bounty
  1. 1. Scope

    WEMIX3.0 Testnet Wallet
    WEMIX Wallet Web
    WEMIX Wallet App (Android/iOS)
  2. 2. In-scope Vulnerabilities

    • Arbitrary code execution(ACE) vulnerabilities
    • Personal & sensitivy information leakage
    • Vulnerabilities related to wallet security certificate bypass
    • In-wallet digital/crypto asset vulnerabilities
    • Manipulation of service functionalities
    • Database vulnerabilities and 3rd party information theft
  3. 3. Program Process

    1. Bugs submitted
    2. Confirmation of vulnerabilities
    3. Vulnerability evaluation
    4. Severity assessment
    5. Bounty rewarded
    6. Vulnerability remediation

    * WEMIX Bug Bounty Program uses Google Survey as the official bug submission channelSubmit

  4. 4. Program Rules

    • Must include PoC specifying scenario of exploitation resulting in submitted vulnerability
    • Exploitation attempts via DDOS attacks or physical access to the system are prohibited
    • Do not damage or restrict the availability of services infrastructure or the system integrity
    • All bugs submitted for review must not be disclosed to the public without authorization or consent
    • Exclude spams or solicitation of non-security related issues
  5. 5. Bounty Rewards

    • Severity evaluation for each submission will be determined in accordance with internal standards
    • Bounty rewards will be deposited into your WEMIX Wallet upon WEMIX3.0 Mainnet launch
  6. 6. Exclusion of reward eligibility

    • Bugs that have already been submitted
    • Vulnerabilities produced using an rooted devices and/or cracked programs
    • Submission of reports that does not include vulnerability verfiable code
    • Vulnerabilities that cannot be reproduced
    • Circumstantial vulnerabilities that are unlikely to be exploited by attackers
    • Potential threats of theoretical vulnerabilities based on policy design
    • Non-security related bugs that do not affect the service functionality
    • Brute-force attacks that are either automated or program generated
    • Any actions resulting in harm to businesses, services, and users
  7. 7. Restrictions and disclosure regulations

    • Do not disclose information related to the program and/or vulnerabilities found through the program without consent from the organization
    • Former or current employee of the organizing party and/or one of its contractors may not partake in the program
Program terms and privacy policy