As you know, the process of moving GeoCash to the BSC mainnet has begun. The new version of the GeoCash app is now live on BSC; however, before giving access to everyone, we would like to run a GeoCash bug bounty to detect issues in the app early and eliminate them. Our highest priority is the security and efficiency of our apps. That’s why we are offering our community members an opportunity to submit their input.
GeoCash 3.0 Bug Bounty
Before we make the final move, we want to test the app to its limits, since it will also work as your wallet, storing BNB and maybe other crypto in the future.
That’s why we are launching a GeoCash BUG bounty to give a few community members a chance to test it, report BUGs, and get some rewards from the team. However, there are conditions to this, and we will detail them below.
GeoCash lets you share your anonymous data in return for GEO tokens. With the mainnet launch, GeoCash 3.0 will go live shortly, along with a few of our other network apps.
As security and privacy are our main focus, we at GeoDB look forward to working with our community to find vulnerabilities to keep our users and our business safe. This includes detecting ways to fake your location data on the app to gain false rewards.
- Please provide detailed reports with reproducible steps demonstrating a plausible remote exploitation scenario. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.
- Submit one vulnerability per report unless you need to chain vulnerabilities to provide impact.
- When duplicates occur, we only award the first report received (provided that it can be fully reproduced).
- Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.
- Social engineering (e.g., phishing, vishing, smishing) is prohibited.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with the explicit permission of the account holder.
- As project maintainers, we at GeoDB hold the final decision on which issues constitute security vulnerabilities. We hope for your understanding and respect for this.
- Any images, screenshots, files, and videos produced to illustrate a vulnerability PoC must be submitted in the report and must not be posted on any public channels, e.g., Telegram, YouTube, etc.
- Although this is a public program, limited to around the first 30 testers by invitation only, please do not discuss or disclose any vulnerability (even resolved ones) outside this program without express consent from GeoDB.
- Any finding should be made available to GeoDB immediately and will remain non-public until the GeoDB team has had sufficient time to publish an update to solve the issue.
Please apply to be selected as a tester by filling out the form. If you are selected, you will receive an email from us and will be invited to join a closed Telegram group with all the testers.
Features and Updates
Please note that any upgrades or added features are announced in our Medium blog and our Telegram chat. See the links below.
You can also refer to the following:
Areas of Interest
These are some of the vulnerabilities and bugs that we have a special interest in.
- Logic errors.
- Congestion and scalability.
- Prevention of false mining.
- Missing access controls.
All BUG bounty rewards will be paid in BGEO to the wallet address provided by you in the form.
Please note these are general guidelines; reward decisions & the size of the reward are up to the discretion of the GeoDB team.
Reporting a Vulnerability
Any vulnerability or bug discovered should be reported only to the GeoDB team using the form provided in the BUG BOUNTY Telegram group. As specified in our Disclosure Policy, participants should not discuss or disclose any vulnerability (even resolved ones) outside of this program without express consent from GeoDB. Please ensure that you disclose vulnerabilities to the team as soon as you find them.
To help us understand the full context of the vulnerability, we require participants to include as much information as possible in their report. Overall, the more detailed your report is, the easier it will be for the team to triage and replicate the vulnerability.
Any activities conducted in a manner consistent with this policy will be considered authorized conduct, and we will not initiate legal action against you. If a third party initiates legal action against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with it.
Good Luck to All Participants
Finally, we would like to wish all participants, especially our community members, the best of luck with this program. We are glad to have you on board, assisting and supporting GeoCash and all its users.