Bug Bounty on Marsbase

In this article:

What errors and bugs to report?
Terms of participation
Program details: rules, deadlines, etc.
Awards
Summary

Right after the release of the dOTC of the Marsbase platform, we are launching a Bug Bounty program to find bugs. Users of the platform will be able to receive bonuses for reporting platform errors.

Bug bounty is a program offered by Marsbase developers. It will help the project quickly fix errors and vulnerabilities in the system, and users to earn money by improving the infrastructure of Mars. Platform users will be able to receive rewards in mBase tokens for finding bugs in the dOTC desk.

Program goals:

  • creation of a wide range of experts around the project
  • regular testing and checking of the platform for bugs
  • increased activity on the platform
  • rewarding participants for finding critical bugs

What errors and bugs to report?

You can report any bugs in the code, textual typos and design errors, problems with logging into the site, errors in the operation of smart contracts not identified by auditors, the inability to withdraw and deposit funds to the wallet, the inability to create or close a deal, place a bid, and so on.

Before submitting a bug report, please check if the bug is listed on the page in Notion. If there is no such bug, then feel free to send a request. If such a bug already exists, it means that another user has already found this bug before. There is no need to resubmit information about the bug. But you can vote for it here! Read on for more details.

Terms of participation in the program

In order to take part in the Bug Bounty program, you must be subscribed to Discord, official Twitter, Telegram channel and chat:

The program takes place in the official Discord channel. There will be news, updates and announcements. Also, a special private chat has been created where the participants of the Bug Bounty program can discuss current issues, view statuses on bugs and receive additional information.

How long is the program?

The first version of Bug Bounty is valid until further notice (at the discretion of the project team).

Bug Bounty milestones run every month for 14 days after the release of a feature. In 14 days, it is necessary to find as many bugs as possible, after which a new stage of product development is launched. The release roadmap can be found here.

How and where to send errors?

If you notice an error, then you need to fill out the form as detailed as possible, indicating detailed information about the error. The form has all the necessary questions, which need to be answered as detailed as possible. If necessary, please attach screenshots, and sometimes screencasts are better (i.e. screen recording, we recommend a very convenient Chrome extension — Screen recorder).

How will requests be processed?

After filling out the form, all data goes to the Marsbase Support department. The employees evaluate the importance, priority and severity level of the bug and assign it to the appropriate person / persons for checking. If we have any questions, the team will contact you within three days to discuss the bug: where did you find it and next steps. If the bug reproduction was successful, the bug status will be changed to “bug in progress”.

Reproducing a bug

Reproducing a bug is exactly following the described steps from the form in order to reproduce the bug, understand what the problem is and take appropriate measures to fix it.

After receiving information about the bug, the team examines the data specified in the form and proceeds to reproduce.

In order for the team to be able to reproduce the bug, it is necessary to describe the steps for obtaining the bug in as much detail as possible. In this case, you must attach screenshots or video. All questions in the form are mandatory. Without this, the application cannot be sent.

Error classification & rewards

Categories of bugs

  • Bugs related to OTC Desk
  • Dashboard related bugs
  • Bugs related to wallet connection
  • Bugs related to offer creation
  • Bugs related to bid creation
  • Bugs related to closing/cancelling an offer
  • Bugs related to bid cancellation

Who can participate in the program

Platform users, project ambassadors, as well as third parties can participate in the program.

How do I know if I have earned a reward?

After the form is completed, it goes to the head of customer support. After that, all bugs are sorted by the development team, they are assigned a level, category, and other parameters, after which all data is entered into the Notion table. Notion also contains basic information about the user who submitted the bug to the work of the department.

To find out if your ticket and bug went through, sort the list by name or submission date and find yourself in the list.

How are the rewards paid out?

Payment for a detected bug is made in mBase tokens within 30 days. It is done not at the Public round rate, but at the current rate in the equivalent corresponding to the value of the token at the time.

Since the program is launched before the release of the token, you will be assigned points, which can be also found in the Notion table. Further, these points will then be converted into tokens.

Payment will be made after the release of the token on the market (at least 2 weeks after the Public Sale).

Scoring

At the initial stage, each user will be awarded points for participating in the program. After listing, rewards will be awarded in dollar terms.
For finding a bug, a user can get from 100 to 50,000 points, depending on the group of the bug, its complexity, frequency of mention, successful reproduction, and other factors.

Every 10 points equals $1. Therefore, if the user was awarded 2000 points, then in dollar terms the amount will be $200.

Each participant of the program can calculate their points. Notion has detailed instructions on how to do this.

Voting

By participating in the program, you can vote for a bug that you have found, but it has already been previously listed on the platform. Those bugs that will accumulate more votes will be taken into work in the first place. In other words, if you find a bug but can’t capitalize on it, you can still vote to fix it faster. Fulfill your social mission 😉

Basic Rules

  • To participate in the program, you must be subscribed to the main channels: Discord, TG Channel and Chat.
  • Provide a valid wallet address. Based on it, we will identify the user and send rewards.
  • Provide an up-to-date email and nickname in Telegram.
  • Data change occurs only through the support team. To do this, it will be necessary to provide the necessary up-to-date information to identify the user.
  • Provide complete information so that our staff can reproduce and fix the bug.
  • Be the first to report a unique bug in accordance with the disclosure requirements above. If similar bugs are reported within the same 24-hour period, rewards will be divided at Marsbase’ discretion.
  • Do not take any illegal action when a bug is discovered, including threats, demands, or any other coercive tactic.
  • Do not exploit the vulnerability in any way, including publishing it or making a profit (other than as a reward under this Program)
  • Submit a form report for one bug only. If you find several bugs, then fill out the appropriate number of forms.

Stay tuned and subscribe to our official channels for Marsbase news, MBASE token, platform updates and new feature rollouts:
https://linktr.ee/MARSBASE

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store