
Zcoin Bug Bounty Program

July 15, 2018

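We are pleased to announce the official Zcoin bug bounty program, which encourages development and research teams to audit our code and help patch it.

We only accept reports relating to the main Zcoin software. For the avoidance of doubt, we do not accept submissions of website vulnerabilities or vulnerabilities related to 51% attacks.

Vulnerability reports will follow HackerOne's disclosure guidelines. Failure to comply with these guidelines and the rules below may result in the bounty not being paid. Vulnerabilities are divided into three categories.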

| Severity | Description | Example | Bounty (USD) in XZC equivalent |
|---|---|---|---|
| Critical | A critical vulnerability is one that impacts the Zcoin network as a whole, has the potential to break the entire Zcoin network, completely removes the anonymity of Zerocoin, results in the loss of Zcoin, or is on a scale of great catastrophe. | A vulnerability that allows forged Zerocoin spends to inflate supply. | 10,000 up to 50,000 |
| Major | A major vulnerability is one that impacts individual nodes, routers, or wallets, reduces the anonymity of Zerocoin significantly (timing attacks excluded), or must be carefully exploited. | For example, the paper Burning Zerocoins for fun and profit https://www.chaac.tf.fau.de/files/2018/04/attack-cryptocur.pdf | 1,000 up to 10,000 |
| Minor | A minor vulnerability is one that has low impact or cannot be exploited easily. | | 100 up to 1,000 |

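If there is a dispute over the severity of a vulnerability, the Zcoin team's assessment is final.

Submission Process

Please send submissions to

Critical and major vulnerabilities must be submitted by PGP-encrypted email to the following address:

Remember to include your PGP public key with your submission so that we can communicate with you in encrypted form.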

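Frequently Asked Questions

How soon can I expect a reply?

We aim to respond to all vulnerability reports within 3 business days. In our response, we will review the submission to confirm whether the reported vulnerability is valid. In either case, we will respond to confirm the vulnerability or explain why it is not one.

How are vulnerabilities fixed?

Once a vulnerability is confirmed, a private GitHub repository will be opened where the finder can work on and review the patch with us. Once that is done, a vulnerability disclosure will be drafted and a release date discussed.

I reported a vulnerability but received no reply!

An initial reply can take up to 3 business days. If you have not received one, the cause is usually a spam filter or a problem with the email system. If you feel we are not communicating in a timely manner, please be sure to let us know.

Will I be credited for my submission and its reward?

By default, we disclose the researcher who found the vulnerability and the bounty amount. If you would like this information kept confidential, let us know and we will respect your request.

How are bounties paid?

All bounties are paid in Zcoin at the prevailing US dollar exchange rate, determined by the average price on Coingecko at the time the patch is released.

What is the PGP public key?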

Fingerprint: 96D83C503C974E59C79B15F0FE90742A2CEB91F1