Bug Bounty Program

The WNS Bug Bounty program covers the Wen New Standard program and the Wen Royalty Distribution program. As new programs are added, this program will cover these as well. The goal of this program is to promote a legal and profitable means for diagnosing and disclosing security information before

Bounty & Breakdown

Bounties for the bug bounty program are as follows:

Severity

Bounty

The descriptions of the different severity of bugs are as follows:

Critical - Significant escalation of Signer privileges or errors in code execution that presents an immediate risk to a significant portion of users.

Loss of funds
Insertion attacks in transfer hook
Cryptographic failures

High - Attackers can modify critical data or behaviors that they should not be able to access. More narrow in impact than critical or less foundational to the protocol, e.g.

Modify sensitive data
DoS of WNS minting
Supply chain attack on SDK

Low - Attackers can violate an expectation for how something is intended to work but allow nearly no escalation of privilege or ability to seriously impact the useability of the protocol. This also includes bugs that result in unintended outcomes for users.

Incorrect data writes on mint
Unhandled errors

The actual bounty amount is determined by various factors including but not limited to severity, value at risk, and likelihood of being exploited.

Payouts are done in vesting $WEN on Solana.

Reporting Bugs

Fill out this report and leave your preferred communication method. A member from the team will get back to you within 48 hours: https://github.com/wen-community/wen-new-standard/security/advisories/new

In-Scope

The eligible programs are linked below:

GitHub - wen-community/wen-new-standardGitHub

Out of Scope Rules

PreviousWen Grant Program

Last updated 2 months ago