Boom Foundation (“Boom”) is pleased to announce its Bug Bounty program (the ”Program”) to incentivise responsible disclosure of software and security vulnerabilities (“Bug”).
Boom will offer a reward of up to €100,000 in Multicoins (“MTCN”) per disclosure.
The scope of this Program is focused on medium to high and critical defects across Boom’s web2 technology infrastructure and web3 smart contracts.
The following are not within the scope of the Program:
Vulnerabilities contingent upon the occurrence of any of the following also are outside the scope of this Program:
This program is for an indefinite term.
Rewards will be allocated based on the severity of the bug disclosed and will be evaluated and rewarded at the discretion of the Boom Foundation team.
Showstopper bugs that could lead to any loss of funds or compromise user data, will be rewarded at the maximum grant of €100,000 in Multicoins (MTCN). Lower severity bugs will be rewarded at the discretion of the Boom team.
Any vulnerability or bug discovered must be reported only to the Boom Security Incident Response Team (BSIRT) at the following email: firstname.lastname@example.org.
The vulnerability must not be disclosed publicly or to any other person, entity or email address before Boom has been notified, has fixed the issue, and has granted permission for public disclosure. In addition, disclosure must be made within 24 hours following discovery of the vulnerability.
A detailed report of a vulnerability increases the likelihood of a reward and may increase the reward amount. Please provide as much information about the vulnerability as possible, including:
Anyone who reports a zero-day vulnerability that results in a change to the code or configuration and who keeps such vulnerability confidential until it has been resolved by our engineers, will be recognised publicly for their contribution if they so choose to.
To be eligible for a reward under this Program, you must:
By submitting your report, you grant Boom Foundation any and all rights, including intellectual property rights, needed to validate, mitigate, and disclose the vulnerability. All reward decisions, including eligibility for and amounts of the rewards and the manner in which such rewards will be paid, are made at the sole discretion of Boom Foundation
The terms and conditions of this Program may be altered at any time without notice.