A blockchain asset management protocol, Melon, announced that it has granted 250,000 CHF to the Melon Council for Melon Protocol v1.0 bug bounty, rewarding people for sharing security errors on the Melon protocol.
This reward pool has been converted into DAI (1 DAI = $1) and bug finders will receive a specific amount of DAI depending on the likelihood and impact level of the vulnerability they report or, in other words, the “severity” of the threat.The bug is calculated and graded according to the OWASP risk rating model to determine where it belongs to and its respective bounty, as Melonport Chief Technical Officer Jenna Zenk revealed in a blog post.
In detail, participants can be rewarded up to 10.000 DAI for any “critical” bug found while the pay-out for a vulnerability in “high” and “low” category will be from 500 DAI to 5000 DAI respectively. Zenk further explained that a “critical” threat “should include vulnerabilities resulting in the possibility of irreversibly locking up the assets, irreversibly destroying the fund or stealing the assets of the fund.”
To take part in this bug bounty, participants are required to submit a full report without public disclosure to security@melonport.com. The bug is expected to be completely new to be qualified or it would be considered as “an acknowledged part of the system.’’
Previously in February 2018, anyone who managed to extract tokens from Melon’s newly launched Melon Fund would receive a reward of 500 MLN tokens. The team also put up another 500 MLN tokens call later for finding non extraction-related bugs or security vulnerabilities.
Comments