Bug bounty
Triaged by Hackenproof

Aptos Naming Service (ANS): Program info

Company: Aptos Labs
KYC required
This program is active now

Aptos Naming Service ("Aptos Names") allows members of the Aptos ecosystem to purchase a digital asset that replaces one's blockchain address with a domain name of their choosing. We view this as the place where one's Aptos Identity begins.

Aptos Labs ("Aptos", "we", or "us") welcomes feedback from security researchers and the general public to help improve the security of Aptos Names, and, at its sole discretion, offers bounty rewards ("Rewards") for security reports that identify previously unknown, in-scope security vulnerabilities.

In scope
Target                                                          Type            Severity   Reward
https://github.com/aptos-labs/aptos-names-contracts/tree/main   Smart Contract  Critical   Bounty
https://www.aptosnames.com/                                     Web             Critical   Bounty

Focus Area

Rewards are calculated based on the severity of the impact that the identified vulnerability would have on Aptos Names users and the Aptos Names service. The following severity classifications include sample impacts per criticality, and potential Reward ranges. Aptos Labs retains sole discretion to determine the severity classification of reported vulnerabilities and the amount of any Reward.

Smart Contracts

Critical - up to $250,000

  • Domain takeover

High - up to $50,000

  • Minting names without paying the cost
  • Changing where purchase payments go
  • Permanently blocking domain read operations

Medium - up to $20,000

  • Blocking the creation of new domains or the transfer of existing ones

Backend Service

Critical - up to $50,000

  • Retrieving sensitive data from a running service
  • Forcing the API to return an arbitrary address for a domain

If you identify a security vulnerability impacting Aptos Names that does not fall under any of the above categories, we encourage you to report it for further analysis and we will consider a Reward as appropriate. Security issues impacting Aptos Names having a root cause in external code dependencies are also in-scope for the program.

Program Rules

To be eligible for a Reward, you are required to:

  • Play by the rules, including following these Rules and any other relevant agreements. If there is any inconsistency or conflict between these Rules and any other applicable terms, the applicable terms of these Rules will prevail;
  • Submit an in-scope vulnerability as detailed above;
  • Include detailed information and clear steps to reproduce the issue. Vulnerabilities must be reproducible using the code currently in scope for the Program, based on the current mainnet deployment;
  • Avoid any testing on mainnet, testnet or devnet deployed code; all testing should be done locally;
  • Report any vulnerability within 24 hours of discovery;
  • Avoid disrupting our systems, destroying data, and/or harming users;
  • Only use this platform to report and discuss vulnerability information with us;
  • Provide us a reasonable amount of time to resolve the issue;
  • Limit the data you access to the minimum required to effectively demonstrate a Proof of Concept in circumstances where a vulnerability provides unintended access to private data or secrets;
  • Vulnerabilities based on social engineering (including Click Jacking) or network Denial of Service (DoS) attacks are considered out of scope and are not eligible for Rewards under this program;
  • Not engage in extortion.

Duplicate Reports

Rewards for duplicate reports will be split among reporters with first to report taking priority using the following equation:

R: total reports
r_i: report priority of reporter i
b_i: bounty share of reporter i

b_i = 2^(R - r_i) / (2^R - 1)

Where report priority derives from the set of integers beginning at 1, where the first reporter has r_i = 1, the second reporter r_i = 2, and so forth.
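The following worked derivation is added here (it is not part of the program text) to show that the shares defined above always sum to the full bounty, together with the concrete split for three reporters:

```latex
\text{With } r_i = i \text{ for } i = 1,\dots,R, \text{ the shares are } b_i = \frac{2^{R-i}}{2^R - 1}.

\sum_{i=1}^{R} b_i
= \frac{1}{2^R - 1}\sum_{i=1}^{R} 2^{R-i}
= \frac{1}{2^R - 1}\left(2^{R-1} + 2^{R-2} + \dots + 2^0\right)
= \frac{2^R - 1}{2^R - 1}
= 1

\text{Example, } R = 3:\quad
b_1 = \frac{2^{2}}{7} = \frac{4}{7},\quad
b_2 = \frac{2^{1}}{7} = \frac{2}{7},\quad
b_3 = \frac{2^{0}}{7} = \frac{1}{7},\quad
b_1 + b_2 + b_3 = 1
```

Each later reporter receives exactly half of the previous reporter's share, and the geometric sum guarantees that no part of the Reward is left unallocated.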

Note, security reports that come in after the issue has been fully triaged and resolved will not be eligible for a Reward.

Disclosure Guidelines

Do not discuss or disclose any vulnerabilities, even resolved ones, outside of this Program without Aptos Labs’ written consent.

Eligibility and Coordinated Disclosure

You ARE NOT eligible to participate in the Program if you are:

  • A “Restricted Person” as defined in the Aptos Labs Terms of Use. To receive a Bounty, you will be required to complete an identity verification process to confirm that you are not a Restricted Person.
  • Under the age of 16. If you are at least 16 years old but are considered a minor in your place of residence, you must obtain your parent's or legal guardian's permission prior to participating in this Program.
  • A current employee or service provider of Aptos Labs, or a former employee or service provider of Aptos Labs within the 12 months preceding your submitted security report.
  • Employed by an entity that does not allow you to participate in the Program.

To receive a Reward, you will have to enter into an Agreement with Aptos Labs and provide required information, which may include identity verification information and tax information or forms, such as a W-9 or W-8 for U.S. residents or citizens.

Rewards are managed by Aptos Labs and are denominated in United States Dollars (USD). Rewards may be paid partially or fully in digital assets at the sole discretion of Aptos Labs. If you receive digital assets as part of your Reward, the value of the digital assets in USD will be determined at the time you execute your Agreement with Aptos Labs and after you have satisfied all eligibility criteria. Token-based rewards may be subject to a lock-up period.

Rewards

Range of bounty: $0 - $250,000

Severity   Reward
Critical   $0 - $250,000
High       $0 - $50,000
Medium     $0 - $20,000
Low        $0

Stats

Scope Review: 1630
Submissions: 24
Total rewards: 0
Hackers: 21

Types: Web, Smart Contract
Languages: Move
SLA (Service Level Agreement)

Time within which the program's triage team must respond (in business days):

Response Type     Business days
First Response    3d
Triage Time       7d
Reward Time       90d
Resolution Time   14d