BUG BOUNTY

Security Research Program

Help secure Moondraft and earn rewards for responsible vulnerability disclosure

OpenBugBounty: https://openbugbounty.org/bugbounty/moondraft/
Disclaimer (Regulatory Notice): Moondraft tokens distributed through the Security Research Program are intended solely as utility and governance tokens within the Moondraft ecosystem. They are not investment instruments, do not represent ownership or equity, and are not offered for sale. Tokens are discretionary rewards for technical contributions.

Growing Security Program

We reward security researchers who help us identify vulnerabilities through responsible disclosure. Rewards are determined based on severity and impact.

Hall of Fame

Public recognition for valid reports

Token Rewards

Moondraft tokens based on severity

Revenue Share

Future earnings for critical findings

How to Participate

Scope

In Scope:
• Smart contracts and protocol logic
• Web application and API endpoints
• User authentication and wallet integration
Out of Scope:
• Social engineering attacks
• Third-party integrations
• Already disclosed issues

Process

  1. Submit detailed vulnerability report
  2. Team reviews and validates report
  3. Reward determined based on impact
  4. Issue fixed, reward distributed

Guidelines

• Responsible disclosure required - no public posting before fixes
• Detailed proof-of-concept required for all submissions
• Rewards scale with platform growth and vulnerability impact
• Multiple submissions of the same issue will only reward the first reporter

Vulnerability Disclosure Program Requirements for Researchers

General Requirements

Researchers must include a fully functional PoC (Proof of Concept: actual evidence or repeatable steps that show the bug is real and can be abused) and a calculated CVSS score (Common Vulnerability Scoring System: the severity rating you assign to the bug, based on standardized criteria) with each submission. Attach relevant screenshots and remediation steps. Reports with insufficient evidence will not be reviewed. All findings must use clear technical language and reproducible steps.

Testing Requirements

No automated scanners or disruptive tools. Test only Moondraft’s smart contracts, web app, and API endpoints. Avoid social engineering or attacks on users. Remain in scope and practice responsible disclosure.

Possible Awards

Researchers may receive recognition, Hall of Fame mention, and discretionary compensation. Up to $500 for critical, $250 for high-risk vulnerabilities. All rewards require verification and compliance.

Special Notes

No public or private disclosure until officially permitted. Breach voids any reward.

Reward Payment Policy

Rewards paid as USDT (Tether) or Moondraft tokens to ERC-20/TRC-20 wallets. Compensation is goodwill only, based on USD value at approval. Recipient must be legally able to receive payment.
