Dione is a revolutionary L1 blockchain in development enabling renewable energy trade, developed by the best minds in crypto.
In Scope
| Target | Type | Severity | Reward |
|---|---|---|---|
https://github.com/DioneProtocol/odysseygoNode implementation for the Odyssey network. |
Protocol | Critical | Bounty |
https://github.com/DioneProtocol/corethCoreth (from core Ethereum) is the Virtual Machine (VM) that defines the Contract Chain (D-Chain). This chain implements the Ethereum Virtual Machine and supports Solidity smart contracts as well as most other Ethereum client functionality. |
Protocol | Critical | Bounty |
https://github.com/DioneProtocol/odysseygo-installerThis node installer is a shell (bash) script that installs OdysseyGo (the node) on any Linux computer. This script sets up a full, running node. |
Protocol | Medium | Bounty |
https://github.com/DioneProtocol/odyssey-clia command line tool that gives developers access to everything Odyssey. This release specializes in helping developers develop and test subnets. |
Protocol | High | Bounty |
https://github.com/DioneProtocol/subnet-evmSubnet EVM is the Virtual Machine (VM) that defines the Subnet Contract Chains. |
Protocol | High | Bounty |
https://github.com/DioneProtocol/odyssey-network-runnerThis is a tool to run and interact with a local Odyssey network. |
Protocol | Medium | Bounty |
https://github.com/DioneProtocol/sfxdx__odysseyjsThe OdysseyJS library allows you to issue commands to the Odyssey node APIs. |
Protocol | High | Bounty |
In-Scope Vulnerabilities
The list is not limited to the following submissions but it gives an overview of what issues we care about:
Cryptographic flaws
Stealing or loss of funds
Unauthorized transaction
Transaction manipulation
Price manipulation
Fee payment bypass
Balance manipulation
Tokenomics violation
Peer-to-peer network flaws
Consensus/Safety violations/flaws
Loss of Liveness / Network availability
Network slowdowns
API crash
Infrastructure attack
Privacy violation
If you identify a security vulnerability impacting Odyssey Chain that does not fall under any of the above categories, we encourage you to report it for further analysis.
Out Of Scope
Denial of Service
Attacks requiring access to privileged addresses
Gas draining and high gas
Feature request
Best practices
Don't defraud or harm Odyssey Chain or its users during your research; you should make a good faith effort not to interrupt or degrade our services.
Avoid using web application scanners for automatic vulnerability searching which generates massive traffic
Avoid compromising any personal data, interruption, or degradation of any service
Don’t access or modify other user data, localize all tests to your accounts
Perform testing only within the scope
Don’t exploit any DoS/DDoS vulnerabilities, social engineering attacks, or spam
Don’t break any law and stay in the defined scope
Any details of found vulnerabilities must not be communicated to anyone who is not a HackenProof Team or an authorized employee of this Company without appropriate permission
In case that your finding is valid you might be asked for extra KYC verification to proceed with payments
Perform testing on a private testnet wherever possible
Don’t spam forms or account creation flows using automated scanners
If you find multiple vulnerabilities, we will only pay only for the vulnerability with highest severity
Please do NOT publish/discuss bugs
- Do not discuss this program or any vulnerabilities (even resolved ones) outside of the program without express consent from the organization
- No vulnerability disclosure, including partial is allowed for the moment.
- Please do NOT publish/discuss bugs
You must be the first reporter of a vulnerability.
The vulnerability must be a qualifying vulnerability
Any vulnerability found must be reported no later than 24 hours after discovery and exclusively through hackenproof.com
You must send a clear textual description of the report along with steps to reproduce the issue, include attachments such as screenshots or proof of concept code as necessary.