6. Bug Bounty Program
Introduction
Recognizing the importance of security, OracleMoney Gateway invites security experts worldwide to identify and report vulnerabilities. This collaborative approach is essential for enhancing the platform's security.
Submission Guidelines
To qualify for a bounty, submissions must adhere to specific criteria:
Must be reported through our submission form.
The vulnerability should remain confidential until resolved.
Submissions should be original, without exploiting the vulnerability for personal gain.
The issue should be tested in our provided environments, not on production systems.
Only submissions about in-scope components are eligible for bounties.
Submissions should be made in good faith, without harmful intentions.
The bounty awarded is at our discretion and subject to our terms and conditions.
Multiple Submissions and Duplicates
Each submission should focus on a single vulnerability, except when chaining is needed to demonstrate impact.
The first reproducible submission for a vulnerability will be considered for a bounty.
Previously known issues, both internal and external, are not eligible for bounties.
Multiple vulnerabilities stemming from a single issue will receive a single bounty.
Program Scope
A dedicated testing environment is available, isolated from production services, to facilitate the bug bounty program, allowing comprehensive testing without setup hassles. This environment also features shorter finalization times to better test exit flows, ensuring a thorough and safe testing process for all participants.
This rephrased content, while maintaining the format of the original OMG guide, has been tailored specifically for OracleMoney Gateway. It includes details on fees, supported tokens, transaction fee structures, and a comprehensive bug bounty program, all integral to the functionality and security of the OracleMoney Gateway ecosystem.
Last updated