Platform Rules

In order to facilitate cordial and productive exchanges between protocol customers and whitehats, Sherlock has established a set of rules for whitehats and protocol customers to define proper conduct.

Breaking these rules as a whitehat could result in removal or ban from the Sherlock platform and/or withholding of payout.

Breaking these rules as a protocol team could result in removal from the Sherlock platform and/or provide cause for breaking the mutually signed agreement.

Whitehats

Ethical Standards

  • Adhere to ethical standards and legal guidelines. Any actions that compromise the integrity, privacy, or availability of systems beyond what is necessary for testing are strictly prohibited.

  • No harm: Ensure that your testing does not negatively impact users or infrastructure.

  • Always default to the assumption that the protocol team has good intentions.

  • Do not threaten, blackmail, dox, or otherwise create a negative environment for the protocol customer.

  • Do not communicate with the protocol customer outside of the official channel provided by Sherlock.

  • By submitting a vulnerability through Sherlock, you are agreeing to abide by the outcome of the Sherlock dispute resolution process.

Testing Environment

  • Replicating tests on public mainnet or testnet is prohibited. All testing should be conducted on local forks of either testnet or mainnet.

  • Use only authorized environments for testing to avoid any unintended disruptions or security risks.

  • Avoid testing with external dependencies and third-party systems not controlled by the protocol customer, to prevent any leaks of the potential vulnerability.

Service Disruptions

  • Any denial of service attacks that are executed against project assets are strictly forbidden.

  • Automated testing of services that generates significant amounts of traffic is not permitted.

Vulnerability Disclosure

  • Do not publicly disclose vulnerabilities before they are resolved. Reports must be submitted through the Sherlock platform, and we will notify you when it is safe to disclose.

  • Do not discuss (publicly or otherwise) any aspect of a submitted vulnerability without consent from the protocol customer.

  • Report via Sherlock: Use the official reporting channels to submit your findings.

  • Never exploit a vulnerability or threaten to do so.

  • Do not attempt to rescue funds without the written consent of the protocol customer.

  • Publicly known bugs or bugs reported in a previous audit are never eligible for payout or reimbursement of deposit.

Payouts

  • Do not try to cajole a protocol customer into paying you. Always use the provided Sherlock resolution mechanisms.

Protocol Customers

Ethical Standards

  • Do not communicate with the whitehat outside of the official channel provided by Sherlock.

  • Do not pay whitehats who submit bugs on Sherlock outside of Sherlock’s designated channel or without Sherlock’s consent.

  • Do not claim a bug report is a known or duplicate issue without clear evidence of where it was publicly available before the whitehat’s submission timestamp.

  • Always default to the assumption that the whitehat has good intentions.

  • By listing your bug bounty program on Sherlock, you are agreeing to abide by the outcome of the Sherlock dispute resolution process.


Last updated 9 months ago
