The Energy Web Bug Bounty Program exists to incentivize and reward members of the community who identify and help resolve security vulnerabilities in EW-DOS, including the EW Chain, utility Layer, software development toolkits, and auxiliary EW-related tools and digital infrastructure.
Individuals or organizations who report and/or resolve bugs are eligible for rewards (EWT and public recognition) as follows:
Bugs are categorized at the sole discretion of the Energy Web Technical Committee using a risk assessment matrix based on impact and likelihood. The reward for a given bug is proportional to its severity; rewards are also higher for reporting a bug along with a recommended resolution than for reporting a bug alone.
To be eligible for the reward, a reporter must meet ALL of the following criteria:
Provide a description of the reproducible bug, including a script and/or detailed step-by-step instructions on how to expose the vulnerability to [email protected].
The reporter must include a high-level summary, detailed attack / failure scenario, proposed impact / likelihood.
If also providing a resolution, they must include an invitation to the relevant private GitHub repository and/or related documentation.
The reporter must also provide an address for the EWT bounty reward.
Be the first person to report the issue (all submissions will be anchored on the EW Chain in order to prove order of receipt). The process is:
an oracle hashes the message and creates the on-chain anchor
the message which confirms to the user that their submission has been received contains the anchored hash and the transaction hash it was anchored in
Not disclose any details of the bug / issue publicly.
Not be a paid auditor or contractor of EWF.
To be eligible for an EWT and/or public recognition reward, the reporter must also provide their legal name, email address, and Energy Web Chain address.
Please contact [email protected] any further questions, and thank you for your help strengthening the Energy Web community.
But how will we keep the lights on if it's not always windy or sunny? ... ElectraFlex, which is built using @energywebx and @SunSpecAlliance #opensource tech, will showcase the role of digital solutions for managing clean-powered, responsive, & resilient grids https://medium.com/energy-web-insights/catalonian-grid-operator-electra-caldense-energy-web-and-bamboo-energy-announce-grid-flexibility-51c75e5bcc25
This is the future—distribution utilities digitizing operations, integrating ... with customer-owned DER, and balancing the grid from the bottom up @energywebx @energiaelect https://medium.com/energy-web-insights/catalonian-grid-operator-electra-caldense-energy-web-and-bamboo-energy-announce-grid-flexibility-51c75e5bcc25
Subscribe to our email newsletter today to receive updates.
Energy Web is incorporated in Zug, Switzerland
Privacy & Cookies Policy
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.