
Spearbit / Spearbit Bounty

Spearbit is a distributed network of industry-leading security researchers tackling the most complex and mission-critical protocols across web3.

Cantina is the one-stop shop for all your security needs, allowing you to source the best network of teams, freelancers, and services to keep your smart contracts secure.

Guidelines

  1. Scope: Only vulnerabilities found on our websites (https://spearbit.com and its subdomains) are eligible for rewards.
  2. Testing: Do not perform any testing that could disrupt our services or compromise user data.

  3. Disclosure: Do not disclose any vulnerabilities publicly before we've had a chance to address them.

  4. Submission: All submissions must be done on this bounty repository on cantina code. More details on submissions here

Vulnerability Rewards

Here's a general overview:

Severity    Reward Range
Critical    $20,000 - $25,000
High        $10,000 - $20,000
Medium      $1,000 - $10,000
Low         Discretionary

Severity Levels

  1. Critical

    • Remote code execution
    • Unauthorized access to sensitive user data
    • Ability to perform actions as a privileged user
  2. High

    • SQL injection
    • Cross-Site Scripting (XSS) with significant impact
    • Authentication bypass
  3. Medium

    • Cross-Site Request Forgery (CSRF)
    • Server-side request forgery
    • Sensitive information disclosure
  4. Low

    • Cross-Site Scripting (XSS) with limited impact
    • Open redirects
    • Clickjacking vulnerabilities

Please note that the final reward amount is at the discretion of our security team and depends on the potential impact and exploitability of the reported vulnerability.

Out of Scope

The following activities and vulnerability types are considered out of scope for this bug bounty program:

  1. Physical attacks against our employees, offices, or data centers
  2. Social engineering attacks against our employees or users
  3. Vulnerabilities in applications or systems not owned by us
  4. Vulnerabilities requiring physical access to a user's device
  5. Recently disclosed 0-day vulnerabilities (within 2 weeks of public disclosure)

Testing Guidelines

To ensure safe and responsible testing:

  1. Use only your own accounts or test accounts for testing.
  2. Do not attempt to access, modify, or destroy data that does not belong to you.
  3. Be mindful of testing that might impact system availability or integrity.
  4. Important: Please be extremely cautious when performing any automated scans or tests that involve multiple requests. Excessive traffic may be flagged as malicious activity.

If you're unsure whether a specific test is allowed, please contact us before proceeding.

Thank you for helping us keep our platform secure!

Summary

Status: Live
Total reward: $25,000 USDC
Start date: 27 Jul 2024 12:00am (local time)


© 2024 Cantina. All rights reserved.