logo
BoBe Bug
Bounty Program
Help make the BoBe ecosystem more secure and earn rewards in USDT
Bug Bounty Reward
Maximum rewardUp to 1,000 $USDT
Bug Bounty
Rewards by threat level
Smart-contract
Threat Level
Low
Reward
up to 30 $USDT
Reward
Threat description
  • Missing zero address checks in critical functions
  • Events not matching actual state changes: incorrect event emits
  • Lack of input validation, allowing illogical or invalid parameter values.
Rewards by threat level
Website
Threat type
Low
Reward
up to 5 $USDT
Reward
Description
  • Minor logical errors
  • Modification of other users' data (including changes to browser local storage) without interacting with a connected wallet and requiring significant user interaction, such as:
    IFrame causing changes to backend/browser state (must demonstrate impact via PoC)
  • Redirection to broken or outdated links
  • Temporary denial of user access to the target site, such as:
    Login blockingCookie bombing, etc.
  • Technical information leakage
Prohibited actions
  • Testing on mainnet without permission
  • Social engineering and phishing
  • Accessing other users' data
  • Public disclosure before a fix is implemented
  • Destructive attacks (DDoS, spam)
Report submission process
  • 1
    Discover a vulnerability within the defined scope
  • 2
    Prepare a detailed report with a Proof of Concept (PoC)
  • 3
    Submit it via the official Google Form
  • 4
    The team will review it within 5 business days
  • 5
    Receive your reward in BoBe tokens upon confirmation
Report requirements
  • 1
    Proof of Concept (PoC) for all severity levels
  • 2
    Detailed reproduction steps
  • 3
    Assessment of potential impact
  • 4
    Remediation recommendations
Please note: This program applies only to the website
https://test.bobe.app
Other subdomains are not within scope.