Zen Protocol Documentation

Responsible Disclosure


Last updated 6 years ago

Our preferred reporting procedure is as follows:

For vulnerabilities in public-access code, such as the Zen Protocol node:

  • Visit our GitLab at https://gitlab.com/zenprotocol, and open the appropriate project. (For bugs in ZFStar or the SDK, you'll have to visit our GitHub at https://github.com/zenprotocol.)

  • Open a confidential issue. Do not leave any information in the issue which could reveal the exploit.

  • We'll confirm our receipt of the issue, and that it is tagged as confidential.

  • Edit the issue to leave details of the vulnerability.

For vulnerabilities in our website or other non-public code/services:

  • Email info@zenprotocol.com with notification of a vulnerability, including in what service it is present.

  • We'll confirm receipt.

  • Reply to your Zen Protocol contact with details of the vulnerability.

Our programme awards between $300 and $50,000+, at our sole discretion, for the responsible disclosure of security vulnerabilities. Participation in the paid bounty programme is not mandatory to receive credit for responsible disclosure. The terms for participation are:

For credit as a security researcher

  • Agreement to 30-day embargo. You should not disclose any details of the vulnerability within this period.

  • Co-ordinated disclosure within the embargo period. We will inform you in advance of when we intend to publicize the vulnerability, and we will give you the opportunity to write your own report, to be issued simultaneously. We would be happy to link to your own report.

  • Full disclosure. You should inform us, to the best of your knowledge, of all details of the vulnerability. Should you discover additional information about or relating to the vulnerability, you should inform us as soon as possible.

For eligibility to receive a bounty

  • All the above terms, as well as:

  • Extension to 60-day embargo. We may request to extend the embargo to 60 days.

  • Identification. We may require you to identify yourself to us. We promise to keep this information confidential.

  • Award at our discretion. We will evaluate the severity of the vulnerability and determine what bounty should be awarded. You agree that the evaluation and award are made at our sole discretion.

Additionally, if you wish to be eligible to receive a bounty, you should inform us at the start of the disclosure process.

https://gitlab.com/zenprotocol
https://github.com/zenprotocol
info@zenprotocol.com