Siriux Bug Bounty Program
Earn rewards by identifying security vulnerabilities in the Siriux blockchain ecosystem.
1. Introduction: Why This Program Exists
The Siriux Bug Bounty Program encourages ethical security research to improve the security and reliability of our decentralized blockchain infrastructure.
- We value the security community and their role in identifying vulnerabilities.
- Your contributions help build a more secure, trustless, AI-powered ecosystem.
- Rewards are available for valid reports that enhance blockchain security.
By participating, you strengthen the future of decentralized finance.
2. Scope & Rules of Engagement
In-Scope Targets:
✅ Siriux Blockchain – Consensus, validator nodes, transaction processing
✅ Smart Contracts – Core protocols, token contracts, governance mechanisms
✅ APIs & Developer Tools – Public and private API endpoints
✅ Validator & Network Security – Node configurations, consensus integrity
⚠️ Strictly Out-of-Scope:
❌ Social engineering (phishing, vishing, smishing)
❌ Denial-of-service (DoS) attacks
❌ Unauthorized access or tampering with user data
❌ Attacks that degrade the performance of Siriux services
Valid Reports Must Include:
- Clear, step-by-step reproduction
- Proof-of-concept (PoC) where applicable
- Security impact assessment
Only well-documented reports will be considered for rewards.
3. Allowed Testing & Identity Guidelines
Tester Identity Rules:
- You may only interact with test accounts you create.
- Do NOT target official Siriux admin/support accounts.
- Use designated tags for testing (e.g., siriuxbb-tester@domain.com).
⚠️ Prohibited Testing Actions:
❌ Attempting to access real user accounts
❌ Engaging in unauthorized financial transactions
❌ Modifying, destroying, or corrupting blockchain data
Security research must be conducted ethically and responsibly.
4. Testing Tools & Rate Limits
Automated scanning tools must follow these guidelines:
✅ Request limit: Max 5 requests per second to any Siriux service.
✅ Third-party interactions must be within your control (no external blind testing).
❌ Not Allowed:
- Using third-party tools without explicit permission
- Running blind XSS, SSRF, or other automated attacks on external domains
- Flooding the network with high-volume test transactions
Follow these guidelines to avoid unnecessary disruptions.
5. Responsible Disclosure Policy
- Report vulnerabilities immediately upon discovery.
- Keep findings confidential until Siriux resolves the issue.
- One vulnerability per report, unless chaining attacks to demonstrate higher impact.
- Duplicate submissions: Only the first valid report receives a reward.
Ethical disclosure ensures fair rewards and quick security fixes.
6. Reward System & Payment Structure
Rewards are based on impact and severity. Siriux follows the CVSS scoring system to determine bounty payouts.

Severity Level | CVSS Score | Reward (Up to)
---|---|---
Critical | 9.0 - 10.0 | $100,000
High | 7.0 - 8.9 | $50,000
Medium | 4.0 - 6.9 | $10,000
Low | 0.1 - 3.9 | $1,000

Reward Adjustments:
- Higher payouts for novel attack vectors.
- Bonus incentives for complex exploit chains.
- Lower rewards if mitigations already exist.
The better the report, the higher the bounty!
7. What's Not Eligible for Rewards?
Certain vulnerabilities will not be rewarded, unless they are part of a larger exploit chain.
❌ Clickjacking on non-sensitive pages
❌ Unauthenticated CSRF with no critical impact
❌ SPF/DKIM/DMARC misconfigurations
❌ Attacks requiring MITM or physical access
❌ Issues in outdated/deprecated software
❌ Content spoofing without an actionable exploit
Focus on meaningful vulnerabilities that improve security.
8. Legal & Safe Harbor Commitment
Siriux supports ethical security research and will not pursue legal action against researchers who:
✅ Follow program rules and do not engage in malicious activity.
✅ Act in good faith to protect user security.
✅ Report vulnerabilities responsibly without sharing findings externally.
⚠️ Restrictions Apply:
❌ Researchers in sanctioned countries (e.g., North Korea, Iran, Cuba) are not eligible.
❌ Siriux employees and their family members cannot participate.
We protect ethical researchers who follow the rules.
9. Get Started: Begin Your Security Research
Step 1: Read the scope & rules carefully.
Step 2: Set up your test environment using designated accounts.
Step 3: Start hunting for security vulnerabilities in Siriux!
✅ Make Siriux more secure. Your efforts build a stronger decentralized future.
Start testing today!
Final Notes
- All valid reports receive recognition and appreciation from Siriux.
- For any questions, reach out via our official security team channels.
- Together, we can create a safer blockchain ecosystem!