Decubate’s Bug Bounty program rewards community members for discovering and reporting bugs. The scope of the bounty will be limited to DecubateCrowdfunding.sol, DecubateVesting.sol, DCBToken.sol and the contracts they inherit from.

In the same manner as the Ethereum Bug Bounty Program, submissions will be evaluated by the Decubate team according to the OWASP Risk Assesment Framework, which grades based on both Impact and Likelihood.

Our crowdfunding contract facilitates transactions of BEP20 tokens between startups and investors. The crowdfunding contract utilizes the ERC20 standard to transfer token balances between counterparties. After approving the contract to transfer their balance, an investor submits a signed order by calling a function “fill”. This function then calls “transfer” on each respective token to complete the investment.

Crowdfunding

CONTRACT

The token contract is based on ERC20, but includes some special features. First, the contract owner may lock the transfer tokens to a set of addresses. This function is initially built to decrease the impact of sniping bots, and it gives us the ability to pause transfers in case of a major security vulnerability.

Token

CONTRACT

• Bounties go to the first to report.
• Don’t steal or attempt to steal others' funds.
• Don’t publicly disclose a bug before it has been fixed.
• Paid auditors of this code are not eligible for rewards.
• Issues that are mentioned in the security audits are not eligible.
• Non-security critical issues (style issues, gas optimizations) are not eligible.
• Determinations of eligibility, score and all terms related to an award are at the sole and final discretion of the Decubate team.