Impact Definition
Theft of unclaimed royalties: Royalties are any asset distributed as a reward for participation in a system. Any theft of these rewards before they are distributed or claimed is classified as theft of unclaimed royalties.
Impact Metric
An attack qualifies for the impact Theft of unclaimed royalties when $1 USD or more could be stolen if the bug were exploited within the next 12 months.
The impact is calculated to be the amount stolen. The amount stolen does not need to be profit to the attacker, the attacker’s profit may only be a portion of the amount stolen.
Payout Calculation
In general, the payment amount for the impact theft of unclaimed royalties is calculated to be 100% of the funds at risk at the time of the bug report’s submission.
The payment amount calculation is limited within the payment range of the impact’s severity. For example, if the severity is High the payment amount will not be less than the minimum payment amount or more than the maximum payment amount for High severity bug reports.
Comments
0 comments
Article is closed for comments.