Meta Pool - Docs
  • 👋Welcome to Meta Pool
    • What is Meta Pool?
    • Vote to Earn
    • What are Liquid Staking Protocols?
    • Q2 2024 Milestones
    • Q1 2024 Milestones
    • Manifest and Values
    • The mpDAO
      • Contributors team
  • 🔗META POOL ECOSYSTEM
    • Meta Pool Ecosystem
    • Stake
      • Fast Unstake
      • Delayed Unstake
    • Restake Aggregator
      • Unrestake
      • Withdraw
    • Vote / Governance
      • How to get mpDAO - Uniswap
      • Vote UI
      • My Votes
        • Voting Power Calculator
        • Voting Power Dashboard
        • Delegate
        • Delegation and Representation
        • Voting in Meta Pool
      • Grants
      • Vote for Validators
      • How stake distribution works
      • Meta Pool Improvement Proposals (MPIPs)
        • Creating a Meta Pool Initiative Proposal (MPIP)
        • Community Participation and Voting
    • Liquidity
    • Dashboard
  • Ⓜ️Meta Pool by chains
    • NEAR Protocol
      • What is $stNEAR?
      • How does Meta Pool Work?
      • Why Staking $NEAR with Meta Pool?
      • Validator Selection
    • Aurora Network
      • $stAUR
      • Wrapped $stNEAR
    • Ethereum Network
      • mpETH
      • Liquid Staking in Blockchain Operating System (BOS)
    • Internet Computer Protocol
      • What is $stICP?
    • Q Network
    • Story Protocol
  • ❔FAQ (Frequently Asked Questions)
    • FAQ Meta Pool
      • FAQ Ambassadors
    • FAQ by Product
      • Stake
        • $NEAR
        • $AURORA
        • $wNEAR
        • $ETH
        • $IP
      • Restake Aggregator
      • Liquidity
      • Governance
      • Delegate
      • Vote for Validators
      • Vote
      • Launchpad
      • Bonds
    • FAQ by Chain
      • NEAR
      • Aurora
      • Ethereum
      • Internet Computer Protocol
      • Story Protocol
    • FAQ mpDAO & Governance
      • FAQ Voting
      • FAQ mpDAO
      • FAQ Initiatives
      • FAQ Community Representatives
    • Other FAQ´s
  • 🤝CONTRIBUTE TO META POOL
    • Retroactive Public Goods Funding (RPGF)
    • As Validator
    • As Ambassador
    • As Beta Tester
    • Bug Bounty Program
      • Leaderboard
    • As Content Creator
    • Referral Program
  • 👑Tokenomics & Governance
    • Tokenomics
    • mpDAO Governance
      • Multichain Governance
      • Why mpDAO?
      • mpDAO Goals
      • mpDAO Grants
        • mpDAO Grants Round - AI DeFi Builders @ Story Protocol
        • mpDAO Grants Treasury
        • Guidelines
        • Pre-Screening Process and Proposals Templates
        • Voting Timeline
        • How are mpDAO Grants Approved?
        • Payment Distribution Terms
        • Additional considerations
      • mpDAO Grantees
      • Vote-to-Earn rewards
      • Glossary mpDAO
    • Governance-based delegation
    • Meta Pool Improvement Proposals
  • 💻FOR DEVELOPERS
    • Meta Pool Contracts
      • NEAR Network
      • SOLANA Network
      • Ethereum Network & L2s
      • Aurora Network
      • Story Protocol
      • ICP Network
    • Liquid Staking SDK
      • Ethereum Network
      • NEAR Network
    • Analytics API Endpoints
      • NEAR Network
  • 🔐SECURITY
    • Legal Notice and Risk Disclosure Statement
    • Audits
      • NEAR
      • Ethereum
      • Solana
      • Story Protocol
      • Aurora
      • ICP
  • 🔍MISCELLANEOUS
    • Statistics
    • Brand Kit & Logos
    • Learn NEAR Club
    • Resources
      • Medium
      • Meta Pool Blog
      • YouTube
      • Github
    • Socials
      • Discord
      • Telegram
      • Twitter
      • LinkedIn
      • TikTok
Powered by GitBook
On this page
  • Products that apply for Bug Bounty
  • Bug Severity Level
  • I’ve Found a Bug, What Should I Do?
  • Ineligibility
  • Disclaimer
  1. CONTRIBUTE TO META POOL

Bug Bounty Program

PreviousAs Beta TesterNextLeaderboard

Last updated 5 months ago

Meta Pool is an open source, community focused project, keeped by a core team that is launching upgrades and new products to the Meta Pool ecosystem.

This bug bounty program looks to support community members that discover vulnerabilities inside the Meta Pool ecosystem, that mainly affects on-chain operation.

Products that apply for Bug Bounty

The products that apply for Bug Bounty programs are the following.

  • Liquid Staking

  • Meta Vote

  • Meta Validators

  • Restaje aggregator

Any other product of the Meta Pool's family.

Bug Severity Level

The bug severity level is the score assigned by the core team to the bugs found by community members. In order to get your bug scored we need to be able to reproduce it and find it is a real risk.

  • Critical: up to 25 000 points = $5,000 USD

  • High: up to 15 000 points = $3,000 USD

  • Medium: up to 10 000 points = $2,000 USD

  • Low: up to 2 000 points = $400 USD

  • Note: up to 500 points = $100 USD

Each point is valued to $0.2 USD, that can be claimed to the Meta Pool core team. Meta Pool team will proceed paying them at the end of each month. Payment would be done during the month after it is claimed.

I’ve Found a Bug, What Should I Do?

Stay calm and breath, we would take care of it, please follow the next steps:

  1. Do double check that it is a real bug that is affecting Meta Pool, or one of its services. Ever taking care that the tests you are running will not affect other users.

  2. Once you verify a bug is found, document it with more details as possible, including steps to reproduce, links, screenshots, github repositories, and any other detail that can be helpful to reproduce the bug.

  4. Once you notify us, the core team will reproduce the bug and score it according to the bug severity level.

Ineligibility

  1. Vulnerabilities on sites hosted by third parties unless they lead to a vulnerability on the main website.

  2. Vulnerabilities contingent on physical attack, social engineering, spamming, DDOS attack, etc.

  3. Vulnerabilities affecting outdated or unpatched browsers.

  4. Vulnerabilities in third party applications that make use of Meta Pool tokens.

  5. Vulnerabilities publicly disclosed in third party libraries or technology used in Meta Pool products, services, or infrastructure earlier than 30 days after the public disclosure of the issue.

  6. Vulnerabilities that have been released publicly prior to Meta Pool issuing a comprehensive fix.

  7. Vulnerabilities already known to us, or already reported by someone else (reward goes to first reporter).

  8. Issues that aren't reproducible.

  9. Vulnerabilities that require an improbable level of user interaction.

  10. Vulnerabilities that require root/jailbreak on mobile.

  11. Missing security headers without proof of exploitability.

  12. TLS Cipher Suites offered.

  13. Suggestions on best practices.

  14. Software version disclosure.

  15. Any report without an accompanying proof of concept exploit.

  16. Issues that we can't reasonably be expected to do anything about, such as issues in technical specifications that Meta Pool must implement to conform to those standards.

  17. The output from automated tools/scanners.

  18. Any other that the team considers.

Disclaimer

  • Bug bounty program is an experimental collaboration between core team and community members, there is no explicit duty from Meta Pool team to pay the rewards if there is no bilateral agreement between parties.

  • Meta Pool reserves the right to close the Bug Bounty program at any time without previous notice. However please note that duties agreed bilaterally before that will be respected.

Notify us through this and avoid sharing it as public information, in order to prevent malicious people from exploiting the bug.

🤝
form