Introducing the Hummingbot bug bounty program

Blog » Introducing the Hummingbot bug bounty program

Welcome to the Hummingbot Bug Bounty Program!

Yingdan Liang

April 16, 2019 · 1 min read

Since Hummingbot is experimental, beta software that can be run in many different user configurations and markets, we are leveraging the power of our community to help us identify and properly handle all the edge cases which may arise.

As a small token of our appreciation for users who invest their time and effort to try out Hummingbot and report the issues they encounter, we are excited to announce a bounty program for reward users who help improve Hummingbot's stability and reliability!

Scope

The public, open source Hummingbot code base.

Rewards

We will pay bug reporters 0.1 ETH for any bug reported that meets the following criteria:

  • It has a different root cause than any other bug reported by other users
  • Reporter follows the submission guidelines below (see Submission)
  • We decide to fix the bug

In addition, we may add a discretionary bonus to bugs that entail security vulnerabilities, depending on the severity of the vulnerability.

Bounty Rules and Guidelines

  • Bounties are awarded on a first-report basis
  • We ask that you do not use vulnerabilities or errors you come across for purposes other than your own investigation
  • We ask that you do not publicize or disclose to any third parties any details of security vulnerabilities until hummingbot remove those issues
  • All bounties and rewards will be subject to the sole discretion of the Hummingbot team

Submission

  • For security vulnerabilities: Email the description of the issue to us at dev@hummingbot.io
  • For all other bugs: Submit a Bug Report in our Github repo
  • Please follow the template and include detailed descriptions of the bug, steps to reproduction, supporting artifacts such as screenshots, logs, configuration settings, and suggested fixes, if any
  • Privacy: We pledge that we will not use your information for trading purposes or share your personal information with third parties

Evaluation

The Hummingbot team will investigate your report within 24 hours, contact you to discuss the issue, and send 0.1 ETH to your Ethereum wallet once the team decides to fix the bug that you reported.

We will publish a list of reported bugs and their status in the Hummingbot documentation.

Happy 🐞 hunting!

About Hummingbot

Who we are and why we are building Hummingbot.

Learn more

Get the latest updates from Hummingbot