Bug Bounty Program

The Energy Web Bug Bounty Program exists to incentivize and reward members of the community who identify and help resolve security vulnerabilities in EW-DOS, including the EW Chain, utility Layer, software development toolkits, and auxiliary EW-related tools and digital infrastructure.

Individuals or organizations who report and/or resolve bugs are eligible for rewards (EWT and public recognition) as follows:

  • Bugs are categorized at the sole discretion of the Energy Web Technical Committee using a risk assessment matrix based on impact and likelihood. The reward for a given bug is proportional to its severity; rewards are also higher for reporting a bug along with a recommended resolution than for reporting a bug alone.

  • To be eligible for the reward, a reporter must meet ALL of the following criteria:

    • Provide a description of the reproducible bug, including a script and/or detailed step-by-step instructions on how to expose the vulnerability to [email protected].

      • The reporter must include a high-level summary, detailed attack / failure scenario, proposed impact / likelihood.
      • If also providing a resolution, they must include an invitation to the relevant private GitHub repository and/or related documentation.
      • The reporter must also provide an address for the EWT bounty reward.

    • Be the first person to report the issue (all submissions will be anchored on the EW Chain in order to prove order of receipt). The process is:

      • an oracle hashes the message and creates the on-chain anchor
      • the message which confirms to the user that their submission has been received contains the anchored hash and the transaction hash it was anchored in

    • Not disclose any details of the bug / issue publicly.

    • Not be a paid auditor or contractor of EWF.

  • To be eligible for an EWT and/or public recognition reward, the reporter must also provide their legal name, email address, and Energy Web Chain address.

Please contact [email protected] any further questions, and thank you for your help strengthening the Energy Web community.

The Energy Web is accelerating a low-carbon, customer-centric electricity system by unleashing the potential of open-source, decentralized, digital technologies.

Latest Tweets

As part of today's ElectraFlex announcement, we're pleased to welcome ... @electradistrib as the newest #EnergyWeb member.

For 100+ years, Electra has been the DSO for a region of the Spanish power grid just north of Barcelona.

Get to know them better:

But how will we keep the lights on if it's not always windy or sunny? ... ElectraFlex, which is built using @energywebx and @SunSpecAlliance #opensource tech, will showcase the role of digital solutions for managing clean-powered, responsive, & resilient grids

This is the futureā€”distribution utilities digitizing operations, integrating ... with customer-owned DER, and balancing the grid from the bottom up @energywebx @energiaelect

one more example on the usefulness of EW-DOS. This project would not be possible... without #decentralised identities and #blockchain trust

We are excited today to announce the joint project ElectraFlex in partnership ... with Catalonian grid operator Electra Caldense (@EnergiaElectra @electradistrib) and Bamboo Energy (@CasePlatform).

Subscribe to our email newsletter today to receive updates.