Crystal Caves Open Beta: Bug Bounty Program

Last updated 5 months ago

Crystal Caves Open Beta: Bug Bounty Program

Submitting feedback instead of a bug? Please use this instead.

Bug Bounty Program Overview

Crystal Caves (CC) Open Beta invites the community to report bugs and vulnerabilities to ensure a safe gaming environment. Rewards are given for valid findings that help secure our ecosystem starting October 15th, 2024.

Scope

The following areas of Crystal Caves are in scope:

Smart contracts and on-chain transactions
Game mechanics (e.g., mining, block defogging, ZK-PoW)
Authentication, Platform Integrations, and Web Interface
Point distribution systems.

Exclusions

The following will not be eligible for rewards:

Vulnerabilities discovered via automated tools.
DDOS attacks.
User enumeration issues without significant security impact.
Vulnerabilities are already covered in CC audits or previously submitted bugs.

Submission Process

Detailed bug descriptions
Screenshots and reproduction steps
Screen recording / Video (Optional)

Only the first valid report will be rewarded. After 48-72 hours of submission, a team member will contact you via the contact information provided in the form.

Severity and Reward Structure

Critical
High
Medium
Low

Rewards (Lumens, USDT) depend on business impact, report clarity, and reproducibility.

Responsible Disclosure Guidelines

Report vulnerabilities as soon as they are discovered.
Allow a reasonable time for the WORLD3 team to address the issue before public disclosure.
Avoid any disruption to services, privacy violations, or data loss.
Only test using your accounts unless permission is granted.
Do not share or spread details about the vulnerability on social media platforms or other public channels unless explicitly authorized by the WORLD3 team.

WORLD3 team reserves the right to disclose vulnerabilities found at its discretion while respecting the researcher's privacy.

Fine Print

Rewards are subject to applicable laws and taxes.
The program terms may sometimes be modified, and changes will not apply retroactively.

Last updated 5 months ago

Submitting feedback instead of a bug? Please use this instead.

Bug Bounty Program Overview

Scope

The following areas of Crystal Caves are in scope:

Smart contracts and on-chain transactions
Game mechanics (e.g., mining, block defogging, ZK-PoW)
Authentication, Platform Integrations, and Web Interface
Point distribution systems.

Exclusions

The following will not be eligible for rewards:

Vulnerabilities discovered via automated tools.
DDOS attacks.
User enumeration issues without significant security impact.
Vulnerabilities are already covered in CC audits or previously submitted bugs.

Submission Process

Submit reports via , including:

Detailed bug descriptions
Screenshots and reproduction steps
Screen recording / Video (Optional)

Only the first valid report will be rewarded. After 48-72 hours of submission, a team member will contact you via the contact information provided in the form.

Severity and Reward Structure

Severity is based on the , categorized as:

Critical
High
Medium
Low

Rewards (Lumens, USDT) depend on business impact, report clarity, and reproducibility.

Responsible Disclosure Guidelines

Report vulnerabilities as soon as they are discovered.
Allow a reasonable time for the WORLD3 team to address the issue before public disclosure.
Avoid any disruption to services, privacy violations, or data loss.
Only test using your accounts unless permission is granted.
Do not share or spread details about the vulnerability on social media platforms or other public channels unless explicitly authorized by the WORLD3 team.

WORLD3 team reserves the right to disclose vulnerabilities found at its discretion while respecting the researcher's privacy.

Fine Print

Rewards are subject to applicable laws and taxes.
The program terms may sometimes be modified, and changes will not apply retroactively.
Users must comply with the .