Bug Bounty Program
Last updated
Last updated
The WNS Bug Bounty program covers the Wen New Standard program and the Wen Royalty Distribution program. As new programs are added, this program will cover these as well. The goal of this program is to promote a legal and profitable means for diagnosing and disclosing security information before
Bounties for the bug bounty program are as follows:
Severity | Bounty |
---|---|
The descriptions of the different severity of bugs are as follows:
Critical - Significant escalation of Signer privileges or errors in code execution that presents an immediate risk to a significant portion of users.
Loss of funds
Insertion attacks in transfer hook
Cryptographic failures
High - Attackers can modify critical data or behaviors that they should not be able to access. More narrow in impact than critical or less foundational to the protocol, e.g.
Modify sensitive data
DoS of WNS minting
Supply chain attack on SDK
Low - Attackers can violate an expectation for how something is intended to work but allow nearly no escalation of privilege or ability to seriously impact the useability of the protocol. This also includes bugs that result in unintended outcomes for users.
Incorrect data writes on mint
Unhandled errors
The actual bounty amount is determined by various factors including but not limited to severity, value at risk, and likelihood of being exploited.
Payouts are done in vesting $WEN on Solana.
Fill out this report and leave your preferred communication method. A member from the team will get back to you within 48 hours: https://github.com/wen-community/wen-new-standard/security/advisories/new
The eligible programs are linked below:
Critical
$10,000-$100,000
High
$1,000-$5,000
Low
$100-$500