译文/Translated:
两周前,我们发布了eosfinex testnet(测试网),这让eosfinex开发团队十分兴奋。
获得了这一阶段性成功后,我们将转而专注于我们即将推出的beta版退出程序,以此标志着eosfinex的全面推出。
为推进这一进程,我们很高兴宣布启动eosfinex 漏洞奖励计划,发掘潜在漏洞的奖金高达1万美元。
说明
- eosfinex UI可在paper.eosfinex.com/#/查找。
- 侧链API eos节点HTTP API、交易合约“eosfinex”,以及代币合约“eosio.token”在api-paper.eosfinex.com查找。
- 我们在mainnet上使用“finexpaprgtw”作为网关账户。所有转移到侧链的交易都将经过此账户。
- WebSocket API位于:wss://api-paper.eosfinex.com/ws/。
- WebSocket客户库,已经开源:github.com/bitfinexcom/sunbeam
- 历史数据导入器:github.com/bitfinexcom/moonbeam-history
- 实用程序REST终端: github.com/bitfinexcom/moonbeam
URL:api-paper.eosfinex.com/rest
漏洞奖励规则
- eosfinex团队将依据普遍漏铜奖励严重等级对eosfinex漏洞奖励进行判断。
- 只有与软件相关的安全漏洞会计算在内。
- 若提交的问题获得确认,奖励将直接发放给第一个提交该问题的人员。
资格
对网站安全或系统整体性具有严重威胁的漏洞都可计算在内。请记住,所有问题都由eosfinex团队进行判断。
这包括(在某些情况下):
- 跨站请求伪造(CSRF)
- 跨站脚本(XSS)
- 远程执行代码(RCE)
- 代码注入
- 权限提升
- 认证绕过
- 点击劫持
- 敏感数据泄露
提交
请直接提交至forms.gle/2Ty1rcEfNRkrBqnC6。提交时请包括以下内容:
- 对攻击媒介的完整描述。
- 再现其威胁的必要步骤。
- 预期结果以及实际结果的概述。
- 您的邮件地址。
- EOS收款地址。
我们期待收到您提交的问题,并期待在您的帮助下准备推出eosfinex mainnet。
eosfinex开发团队将在Telegram channel进一步积极地探讨任何潜在的问题。
请在paper.eosfinex.com试用eosfinex testnet。
请在Tutorials and Lessons观看教程,学历如何使用eosfinex beta版本。
请在Twitter、Telegram以及LinkedIn上关注eosfinex最新开发项目和公告。
原文/Original:
Two weeks ago we launched the eosfinex testnet to great excitement from the eosfinex development team.
With a huge milestone reached, our attention has now shifted towards our upcoming beta exit to signal the complete launch of eosfinex.
To assist with this we are pleased to announce the start of the eosfinex bug bounty program, featuring rewards worth up to $10000 for the discovery of potential exploits.
Specifications
- The eosfinex UI can be found at paper.eosfinex.com/#/.
- The sidechain API eos node HTTP API is at api-paper.eosfinex.com with the contract “eosfinex” for the exchange and “eosio.token” as the token contract.
- On mainnet we use “finexpaprgtw” as gateway account. All transfers to our sidechain go through this account.
- The WebSocket API is located at: wss://api-paper.eosfinex.com/ws/.
- Our WebSocket client library, already open-source: github.com/bitfinexcom/sunbeam.
- Importer for historical data: github.com/bitfinexcom/moonbeam-history.
- A utility REST endpoint: github.com/bitfinexcom/moonbeam / URL: api-paper.eosfinex.com/rest.
Bug Bounty Rules
- The eosfinex bug bounty will be judged according to common bug bounty severity classifications as judged by the eosfinex team.
- Only software-related security bugs count.
- If a submission is accepted, payouts will go to the first submitter of the issue.
Eligibility
Any bug that acts as a serious vulnerability, either to the security of our site or the integrity of our system, can be eligible. Please keep in mind that all issues are up to the discretion of the eosfinex team.
This includes (in some cases):
- Cross-Site Request Forgery (CSRF)
- Cross-Site Scripting (XSS)
- Remote Code Execution (RCE)
- Code Injection
- Privilege Escalation
- Authentication Bypass
- Clickjacking
- Leakage of Sensitive Data
Submissions
Please direct all submissions towards forms.gle/2Ty1rcEfNRkrBqnC6. Please include the following components:
- A complete description of the attack vector.
- Steps required to reproduce the vulnerability.
- An overview of expected vs actual results.
- Your email address.
- EOS address for payment.
We look forward to reviewing your submissions and preparing eosfinex for mainnet launch with your help.
The eosfinex development team will be active in our Telegram channel to discuss any potential issues further.
The eosfinex testnet is here! Try it out on paper.eosfinex.com.
For tutorials on how to navigate the eosfinex beta, visit ‘Tutorials and Lessons’.
Follow eosfinex on Twitter, Telegram & LinkedIn for up-to-date developments and announcements.
原文链接/Original URL:
