SagaBounty™
Earn bug bounty rewards with SagaBounty™
Are you passionate about blockchain technology and its potential to transform the world?
Do you have a knack for finding software bugs?
If so, you’ve come to the right place.
Our SagaBounty™ bug bounty program offers an exciting opportunity for talented individuals like YOU to contribute to the growth and success of SagaChain™.
Why participate in the SagaBounty™ program?
Here are a few reasons:
Make a real impact
Your discoveries can directly contribute to strengthening SagaChain™ and establishing it as the new standard for blockchain technology.
Earn substantial rewards
We offer generous bounties for valid bug submissions, with rewards varying based on the severity and impact of the vulnerabilities you uncover.
Recognition and reputation
As a participant in our program, you’ll gain visibility within the blockchain community and establish yourself as a bug hunting expert.
Continuous learning and growth
Engage in hands-on experience with cutting-edge blockchain technology, deepen your knowledge, and sharpen your skills as you uncover vulnerabilities and propose solutions.
Collaborative community
Join a vibrant community of like-minded individuals who are passionate about blockchain. Collaborate, share knowledge, and learn from fellow experts.
Ready to dive in and start hunting for bugs?
Check out the SagaBounty™ details below, sign up and then register for our GitLab.
Help us build the next evolution of blockchain – SagaChain™, while earning rewards and recognition for your contributions.
Together, let’s shape the future of blockchain technology!
SagaBounty™ phases
This first phases of the Bounty Program include the functional aspects of SagaChain™.
Phase 1
Consensus and Object State Database – have successfully run test of phase 1 for 2 weeks. 1 issue was posted regarding the code trace information in the logs was set to log all and needed to be set to log error only.
Phase 2
With phase 1 satisfactorily showing stability we have added transaction execution and block
production to the SagaNode™ test environment.
Update the SagaNode™ docker
It is now time to update the SagaNode™ docker code, and for those who have not yet installed it, to run the docker script (as per the SagaNode™ readme). This will ensure everyone has the latest copy of the code.
- Set up a single shard with up to 256 nodes
- Run the code and wait for any error event and report as issue in GitLab
- Restart the TestNet and wait for either same or other error, repeat
- Also add comment on a potential optimization suggestion
Phase 3
Phase 3 code will be implemented upon satisfactory completion of any issue(s) in phase 2.
Phase 3 will enable multiple static shards and SagaScale™ protocol, which will start to reveal the scaling capabilities of SagaChain™.
Important Note
Security vulnerabilities will only be addressed at the final stage of TestNet – there will be no BugBounty rewards for any security issues published before that stage is reached.
SagaBounty™ bug categories
- SagaOS™ nodes
- SagaPython™
- Transactions
- Classes
SagaBounty™ risk and reward levels
Each SagaBounty™ bug category is divided into the following 4 risk levels
Low Risk
Such as suggested / necessary updates.
Finder Reward
$250 in SagaCoin™
Fix Reward
$500 in SagaCoin™
Medium Risk
Such as transaction script execution errors.
Finder Reward
$500 in SagaCoin™
Fix Reward
$1000 in SagaCoin™
High Risk
Such as foundation class errors.
Finder Reward
$1000 in SagaCoin™
Fix Reward
$2000 in SagaCoin™
Critical Risk
Such as anything that crashes the node.
Finder Reward
$2500+ in SagaCoin™
Fix Reward
$5000+ in SagaCoin™
Register as a SagaBounty™ bug hunter
Important note: please use the same email address as used to access your GitLab account
Frequently asked questions
1. I am having a technical problem, where do I go for assistance?
A: Core material associated with SagaPython™ can be found on our GitLab server, our YouTube
channel, and at https://www.prasaga.com/learn
You can also join our #sagabounty Discord channel, where you can get answers to further questions.
2. What does “Bug findings must be relevant to the Bounty Scope” mean?
A: The Bounty Scope refers to the specific goals and parameters of our Bug Bounty program.
Submissions must focus on being relevant and related to the specific phase of TestNet we are in.
3. Are reported bugs shared in GitLab?
A: They are visible in GitLab under the bug tracking system.
4. What level of detail should I provide in my report?
A: The more details you provide, the better we can understand the issue reported and the more
likely you will be rewarded.
5. Is there a limit to the number of reports I can submit?
A: There is no limit. The more qualified issues you report, the more rewards you will get.
6. Do I need to resolve the bug issue?
A: You do not need to resolve the bug issue to receive rewards. However, resolving the bug will
pay more SagaCoin™. See the bug rewards section above.
7. How will I know if the bug I reported has already been reported?
A: You can check the issues opened on GitLab to see the issues that already have been
reported.
8. How are duplicate reports handled?
A: The initial report submitted is the one that will be rewarded.
9. Is there an opportunity to resolve bugs that have been reported by others?
A: Yes, there is. You will be rewarded for providing the solution.
10. Can I get 2 rewards if I submit a bug and a solution separately?
A: You will receive a reward for submitting the bug as well as for providing a solution.
11. Can I report vulnerabilities on third-party applications or services used by the program?
A: There are no third-party applications used in these initial phases.
12. When will the bounty be paid?
A: The bounty will be paid out to eligible participants within 30 days after SagaCoin™ is publicly listed.
13. What type of wallet do I need to receive my bounty?
A: The dev team are working on integrating the wallet now and we will announce more details in the near future.
14. What if I disagree with PraSaga on the severity of the issue, where can I go to appeal?
A: PraSaga™ retains the authority to determine the risk level of a reported bug. It is essential to provide a detailed description of the issue to support your chosen level.
15. Can I publicly disclose the vulnerabilities I found?
A: No – if an issue is publicly disclosed, it will no longer be considered for a reward.
16. Are there any legal or ethical considerations I should be aware of?
A: Please refer to the Terms & Conditions (below).
17. I already have a GitLab account, is it required that I also sign up here, to be a bug hunter?
A: Yes, if you do not sign up here (using the same email address) you won’t be able to earn rewards as part of the SagaBounty™ program.
Terms and conditions
By participating in this program, you agree to the following terms and conditions:
Eligibility
This program is open to anyone who is not a current or former employee of The PraSaga Foundation (“PraSaga™”) or its affiliates. Anyone who is under the age of 18 or is otherwise prohibited by law from participating is also ineligible.
Scope
This program covers vulnerabilities discovered in our Layer 1 blockchain protocol. Any other systems or applications are not within the scope of this program.
Rewards
Rewards for valid vulnerabilities will be determined by PraSaga™ and may vary based on the severity of the vulnerability. Rewards will be paid out in SagaCoin™, as determined by PraSaga™. The reward amount will be determined at the sole discretion of PraSaga™, and we reserve the right to modify the reward structure at any time.
Reporting
To report a vulnerability, you must submit it through our bug bounty platform. You must provide a detailed report of the vulnerability, including a description of the vulnerability, steps to reproduce the vulnerability, and any other relevant information. Reports must be in English.
Testing
You may only test for vulnerabilities on the test network provided by PraSaga™.
Testing on the SagaChain™ production environment (when implemented) will be strictly prohibited. Testing will only happen in the development environment.
Confidentiality
Confidentiality is an essential aspect of our software bug bounty program, and we take it very seriously. By participating in our program, you agree to the following confidentiality statement:
- As a participant in our software bug bounty program, you will have access to confidential information about our software, systems, and processes. You agree to keep this information confidential and not to disclose it to any third party, except as required to participate in the program.
- You agree to use the confidential information only for the purpose of identifying and reporting vulnerabilities and other security issues to us. You will not use the confidential information for any other purpose, including personal gain or competitive advantage.
- You will not disclose any vulnerabilities or other security issues you identify to anyone other than our designated representatives, and only in accordance with the program guidelines.
- You will take all necessary precautions to safeguard any confidential information you receive or generate during your participation in the program, including protecting any data or documents from unauthorized access or disclosure.
- You understand that any breach of this confidentiality statement may result in your immediate disqualification from the program, and may also subject you to legal action, including damages and injunctive relief.
- By participating in our software bug bounty program, you acknowledge and agree to be bound by this confidentiality statement.
Legal
You agree to comply with all applicable laws and regulations in connection with your participation in this program. You also agree that your participation in this program does not create any contractual or employment relationship between you and PraSaga™. This program shall be governed by and construed in accordance with the laws of Switzerland.
No guarantees
PraSaga™ makes no guarantees that any vulnerabilities will be found or that any rewards will be given out. We reserve the right to cancel this program at any time and for any reason.
No malicious activity
You may not engage in any activity that could harm PraSaga™, its users, or its systems. This includes, but is not limited to, exploiting vulnerabilities for personal gain or causing any disruption to our systems or networks.
Indemnification
You agree to indemnify and hold PraSaga™ harmless from any and all claims, damages, or expenses arising out of or in connection with your participation in this program.
Acknowledgement
By participating in this program, you acknowledge that you have read and agree to these terms and conditions.