Stacks’ Attackathon has deployed code with live TVL in scope, so the code cannot be frozen: Stacks may need to make bug fixes to protect users.
To give security researchers (SRs) the best experience bug hunting on Stacks, the following rules apply.
- Bug Fixes: Stacks may make bug fixes during the Attackathon.
- Duplicates: If someone else submits the same bug before a bug fix is public, then it’s in scope and valid. If they submit it after a bug fix is public, then it’s out of scope and invalid.
- Fix Bypasses: If a bug fix can be bypassed, then the bypass is considered a new, valid, and in-scope bug.
- Immediate Disclosure: Once a bug fix is made public, Stacks will provide an explanation of the bug and proof of its resolution (typically a pull request).
Immunefi will list all bug fix information on Stacks’ program page and notify SRs in the “stack-ii-attackathon” channel on Immunefi’s Discord.