Dione Protocol: Program info

In-Scope Vulnerabilities

The list is not limited to the following submissions but it gives an overview of what issues we care about:

1. Cryptographic flaws

2. Stealing or loss of funds

3. Unauthorized transaction

4. Transaction manipulation

5. Price manipulation

6. Fee payment bypass

7. Balance manipulation

8. Tokenomics violation

9. Peer-to-peer network flaws

10. Consensus/Safety violations/flaws

11. Loss of Liveness / Network availability

12. Network slowdowns

13. API crash

14. Infrastructure attack

15. Privacy violation

If you identify a security vulnerability impacting Odyssey Chain that does not fall under any of the above categories, we encourage you to report it for further analysis.

Out Of Scope

1. Denial of Service

2. Attacks requiring access to privileged addresses

3. Gas draining and high gas

4. Feature request

5. Best practices

1. Don't defraud or harm Odyssey Chain or its users during your research; you should make a good faith effort not to interrupt or degrade our services.

2. Avoid using web application scanners for automatic vulnerability searching which generates massive traffic

3. Avoid compromising any personal data, interruption, or degradation of any service

4. Don’t access or modify other user data, localize all tests to your accounts

5. Perform testing only within the scope

6. Don’t exploit any DoS/DDoS vulnerabilities, social engineering attacks, or spam

7. Don’t break any law and stay in the defined scope

8. Any details of found vulnerabilities must not be communicated to anyone who is not a HackenProof Team or an authorized employee of this Company without appropriate permission

9. In case that your finding is valid you might be asked for extra KYC verification to proceed with payments

10. Perform testing on a private testnet wherever possible

11. Don’t spam forms or account creation flows using automated scanners

12. If you find multiple vulnerabilities, we will only pay only for the vulnerability with highest severity

13. Please do NOT publish/discuss bugs

• Do not discuss this program or any vulnerabilities (even resolved ones) outside of the program without express consent from the organization
• No vulnerability disclosure, including partial is allowed for the moment.
• Please do NOT publish/discuss bugs

1. You must be the first reporter of a vulnerability.

2. The vulnerability must be a qualifying vulnerability

3. Any vulnerability found must be reported no later than 24 hours after discovery and exclusively through hackenproof.com

4. You must send a clear textual description of the report along with steps to reproduce the issue, include attachments such as screenshots or proof of concept code as necessary.