Project Name
When you go to submit a bug, you will be asked to select the project from a dropdown menu and to type out the name of the project that you have selected.
This redundancy has been added to ensure that whitehats do not accidentally send reports to the wrong projects. By completing this one simple step, you help to protect sensitive information and to guarantee that your valid submissions go to projects that will reward you for them.
The updated submission form gives whitehats the ability to directly select assets and impacts that are in scope for a specific project. It also allows whitehats to submit out-of-scope impacts by selecting 'Other' in either the 'Targets' list or the 'Impacts' list, as outlined below.
Note: The new fields contained in the updated submission form ONLY appear for projects if they have updated their bug bounty program. If the project has not updated their BBP, the submission form will appear as the 'old' form that.
Targets List
Once you have selected the project, you will be asked to provide a reference to the code base where the vulnerability was found. A dropdown list of potential targets will be provided, but if you cannot find the necessary code base on the list, you can add a custom target by selecting “Other” and typing it in.
You will not be able to proceed unless you enter a valid URL.
Impacts List
After selecting the target, you will be provided with a list of possible impacts. You should select all of the impacts that apply to the vulnerability that you have identified. If you believe that there are additional impacts that are not listed, you can click the “Add custom impact” button to add more impacts. Multiple impacts may be selected.
Proof of Concept
The "Report" section of the submission form contains an additional text field specifically for adding a PoC during the submission process.
Wallet Address
In the Wallet Address section, you will be asked to provide the address where you will receive payment. The project will determine what cryptocurrency they would like to pay with, and they may choose to pay out in multiple currencies. In this scenario, you will be asked to provide an optional secondary wallet address.
If the project chooses to pay in a currency on an Ethereum Virtual Machine (EVM) blockchain, you will need to provide an EVM wallet address. You can do this by selecting the “Connect Wallet” button, or by typing out the wallet address manually.
If the project chooses to pay in a non-EVM currency, you will need to provide a non-EVM wallet address. Note that there is no “Connect Wallet” feature for non-EVM wallets, so you will need to type out the address yourself.
Be sure to double-check any wallet addresses that are entered manually. If you make a mistake, it will result in the loss of your bug bounty payout and there will be nothing we can do to help you recover the funds.