Tenset bug bounty program


We are pleased to announce the launch of a dedicated bug bounty program for Tenset! Security is treated with the utmost importance at Tenset, so this is a strong development to ensure we have the safest contract possible.

For those not familiar with the term "bug bounty", it is a reward system offered to a person who identifies an error or vulnerability. These programs allow developers to discover and resolve bugs before the general public is aware of them, preventing incidents of widespread abuse or harmful exploits.

We are confident that our smart contracts are already of the highest quality, but this is an additional measure to safeguard our token and all users who interact with our ecosystem! As always, our priority is to protect our loyal community.

To learn more about Tenset's bug bounty program, read the full scope and rules below.

Scope: 10SET token on Binance Smart Chain: 0x1ae369a6ab222aff166325b7b87eb9af06c86e57

Rewards: up to $100,000

Submission Requirements

No KYC required.

All bug reports must come with a PoC with an end-effect impacting an asset-in-scope in order to be considered for a reward. Explanations and statements are not accepted as a PoC; code is required.

Bug reports should be sent to security@tenset.io.

Impacts in scope

Critical (up to $100,000)

  • Exploits resulting in the locking, loss, or theft of user funds
  • Permanent Denial of Service attacks
  • Permanent freezing of funds
  • Miner-extractable value (MEV)
  • Unauthorized minting

High (up to $30,000)

  • Temporary freezing of funds
  • Unintended modifications to the token fee

Medium (up to $5,000)

  • Block stuffing for profit
  • Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol)
  • Theft of gas
  • Unbounded gas consumption
  • On-off unintended fee circumvention

Low (up to $1,000)

  • Contract fails to deliver promised returns, but doesn't lose value

Out of Scope & Rules

The following vulnerabilities are excluded from the rewards for this bug bounty program:

  • Attacks that the reporter has already exploited themselves, leading to damage
  • Attacks requiring access to leaked keys/credentials
  • Attacks requiring access to privileged addresses
  • Frontrunning, backrunning, sandwich attacks, and related known MEV attacks
  • Lack of liquidity
  • Best practice critiques
  • Centralization risks
  • Attacks that rely on social engineering
  • Reports regarding bugs that the Tenset project was previously aware of are not eligible for a reward

The following person(s) are ineligible to receive bug bounty payout rewards: Staff, Auditors, Contractors, persons in possession of privileged information, and all associated parties.

Prohibited Activities

  • Any testing with mainnet or public testnets; all testing should be done on private nets
  • Public disclosure of a vulnerability before an embargo has been lifted
  • Any testing with third party smart contracts or infrastructure and websites
  • Attempting phishing or other social engineering attacks against our employees and/or customers
  • Any denial of service attacks
  • Violating the privacy of any organization or individual
  • Automated testing of services that generates significant amounts of traffic
  • Any activity that violates any law or disrupts or compromises any data or property that is not your own