Redbelly Network -
Bug Bounty

Participate in Redbelly Network’s Projects – Bug Bounty Program

Bug Bounty Overview

Redbelly is the only open and purpose-built accountable RWA network. Open, fast, scalable, cost effective and natively compatible with assets in regulated markets.

Severity Definitions

See table below.

Submission Criteria

All submissions must include a POC, showing all impacts of the vulnerability.

Duplicate submissions don’t get rewarded. First submission of each bug wins.

If the maximum budget has been exhausted on a severity, the bug bounty rewards for that severity will stop unless the bounty is updated. 

Reminder: Do not execute your exploit on Redbelly Network or attempt to crash or compromise the network. Simply submit us your proof of concept. 

Rewards Overview

Security level Bug Bounty in cash Bounty in token Maximum budget
Security level Critical
Bug

Infrastructure and smart contracts: (1) The Redbelly Network is under the control of a coalition of nodes that take arbitrary decisions, like appending conflicting transactions. (2) Tamper/manipulate blockchain history to invalidate transactions.
Access dApp: The PII of any user can be retrieved.

Bounty in cash US$250K (AU$375K)
Bounty in token US$250K (AU$375K)
Maximum budget US$750K (AU$1.1M) in cash + US$750K (AU$1.1M) in tokens
Security level High
Bug

Infrastructure: (1) The Redbelly Network is crashed. It is unable to commit any new transactions. (2) No bootnodes or candidate nodes can synchornise with the current state of the blockchain. (3) Denial of service attacks. (4) Undermine consensus mechanism to split the chain.
Smart Contracts: (1) Loss of user funds by permanent freezing or direct theft. (2) Temporary freezing of funds for any amount of time. (3) Smart contract gas drainage.
Access dApp: The PII of some user can be retrieved.
Web services: A website belonging to Redbelly Network or Averer has been tempered with.

Bounty in cash US$50K (AU$75K)
Bounty in token US$50K (AU$75K)
Maximum budget US$200K (AU350K) in cash + US$200K (AU$350K) in tokens
Security level Medium
Bug

Infrastructure: (1) Some initially correct governors or bootnodes are stuck maintaining an inconsistent state of the blockchain. (2) Griefing (e.g. no profit motive for an attacker, but damage to users or the protocol). (3) Theft of gas.
Smart Contracts: (1) Smart contracts are unable to operate due to lack of token funds. (2) Contract fails to deliver promised returns, but does not lose values. (3) Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol).
Web services: A web service belonging to Redbelly Network or Averer can be made unavailable.

Bounty in cash US$10K (AU$15K)
Bounty in token US$10K (AU$15K)
Maximum budget US$50K (AU$75K) in cash + US$50K (AU$75K) in tokens
Total US$1M (AUD$1.5M) in cash + US$1M (AUD$1.5M) in tokens

Disclosure

Refrain from publishing or releasing any vulnerabilities, even resolved ones, outside of this Program without the projects consent.
You must not be a minor in your jurisdiction of residence, and you must not be employed by a company that does not allow you to participate.
Rewards will be sent via an agreement between the project and the individual directly.

Assets in scope

This bug bounty includes Redbelly Network Blockchain itself and its native features and functions released by Redbelly Network as part of its layer 1 infrastructure. 

28th Nov 2024

Live since

Yes

KYC Required?

$500,000 USD

Max Rewards (Cash + Token Value)

28th Nov 2024

Last Updated

Submit a Bug

To submit a bug, please email: bug@hashlock.com.au

In your submission, you must include the following details for it to be valid;

  1. Full name
  2. Address
  3. Country
  4. A link to a private proof of concept (POC)
  5. Detailed explanations of the bug finding
  6. Your proposed severity level
  7. Your ethereum or Redbelly network Wallet Address

You should be prepared to verify your identity and introduce the point of contact (POC) over a video call with the project leads. Response times for these bounties may take up to two weeks.