Crystal Caves Open Beta: Bug Bounty Program

Submitting feedback instead of a bug? Please use this Google Form instead.

Bug Bounty Program Overview

Crystal Caves (CC) Open Beta invites the community to report bugs and vulnerabilities to ensure a safe gaming environment. Rewards are given for valid findings that help secure our ecosystem starting October 15th, 2024.

Scope

The following areas of Crystal Caves are in scope:

  • Smart contracts and on-chain transactions

  • Game mechanics (e.g., mining, block defogging, ZK-PoW)

  • Authentication, Platform Integrations, and Web Interface

  • Point distribution systems.

Exclusions

The following will not be eligible for rewards:

  • Vulnerabilities discovered via automated tools.

  • DDOS attacks.

  • User enumeration issues without significant security impact.

  • Vulnerabilities are already covered in CC audits or previously submitted bugs.

Submission Process

Submit reports via Google Form, including:

  • Detailed bug descriptions

  • Screenshots and reproduction steps

  • Screen recording / Video (Optional)

Only the first valid report will be rewarded. After 48-72 hours of submission, a team member will contact you via the contact information provided in the form.

Severity and Reward Structure

Severity is based on the Immunefi system, categorized as:

  • Critical

  • High

  • Medium

  • Low

Rewards (Lumens, USDT) depend on business impact, report clarity, and reproducibility.

Responsible Disclosure Guidelines

  • Report vulnerabilities as soon as they are discovered.

  • Allow a reasonable time for the WORLD3 team to address the issue before public disclosure.

  • Avoid any disruption to services, privacy violations, or data loss.

  • Only test using your accounts unless permission is granted.

  • Do not share or spread details about the vulnerability on social media platforms or other public channels unless explicitly authorized by the WORLD3 team.

WORLD3 team reserves the right to disclose vulnerabilities found at its discretion while respecting the researcher's privacy.

Fine Print

  • Rewards are subject to applicable laws and taxes.

  • The program terms may sometimes be modified, and changes will not apply retroactively.

  • Users must comply with the WORLD3 Terms of Use.

PreviousCrystal Caves Open Beta: Player's GuideNextCrystal Caves Open Beta: Player's Guide (한국어)

Last updated