Gm, talented frens 👋,
As our community grows, so do the security concerns around what we’re building. With that in mind, and in order to step up our security game, we’ve teamed up with Immunefi to bring a bug bounty program to life - an opportunity for you to put us to the test, help us out and also earn while doing it.
We’re hoping that, with the help of our community, we will be able to spot any vulnerabilities in our smart contracts.
How it works
At https://immunefi.com/bounty/talentprotocol/ you’ll be able to access the bug bounty program. There, you’ll be guided through everything you need to take part in a bounty and how to be rewarded.
The assets in scope for this program are Talent Protocol’s factory smart contract - responsible for the generation of new talent tokens - and staking smart contract - responsible for handling stake transactions of talent tokens.
Since we are still preparing the launch of the $TAL token, at this stage, bugs in functions that will only be used in the token phase of the protocol will not be considered.
Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System V2.1. This is a simplified 5-level scale, with separate scales for websites/apps, smart contracts, and blockchains/DLTs, focusing on the impact of the vulnerability reported.
Critical bug reports regarding Talent Protocol’s smart contracts - which can be found here - will be rewarded with USD 20,000, High bug reports with USD 10,000 and Medium ones with USD 1,000.
On top of the rewards stated above, submitters of valid Critical/High severity bug reports will also be rewarded with a bonus amount of TAL once the TAL token launches.
Immunefi is the premier bug bounty platform for smart contracts and DeFi projects, where security researchers review code, disclose vulnerabilities, get paid, and make crypto safer. Immunefi removes security risk through bug bounties and comprehensive security services.
Launched on December 9, 2020, Immunefi focused on blockchain and smart contract security. Immunefi provides bug bounty hosting, consultation, bug triaging, and program management services to blockchain and smart contract projects.
Bug bounty programs are open invitations to security researchers to discover and disclose potential vulnerabilities in projects’ smart contracts and applications, thereby protecting projects and their users. For their good work, security researchers receive a reward based on the severity of the vulnerability, as determined by the project affected.
- All smart contracts of Talent Protocol can be found at https://github.com/talentprotocol/contracts. However, only the Smart Contract - Factory and Smart Contract - Staking are considered in scope for the bug bounty program.
- All Critical/High severity bug reports must come with a PoC with an end-effect impacting an asset-in-scope in order to be considered for a reward. Explanations and statements are not accepted as PoC and code is required. Critical/High severity bug reports must also come with a suggestion for a fix to be considered for a reward.
- Payouts are handled by the Talent Protocol team directly and are denominated in USD. Prior to the launch of the TAL token, payouts will be done in USDC or USDT, at the discretion of the team. However, after the TAL token is launched, payouts will be done in TAL.