DYOR started out in 2015 on Fandom and has now grown to ~3500 pages on CryptoWiki.me 🤩
All the information that you can find in these pages is public knowledge with sources provided. The community is encouraged to add truthful and unbiased entries to further this body of work.
- A reward given by a project's team or developers to anyone who finds bugs in their systems. Projects that do not have a bug bounty program are likely to carry more risk.
- From Consensys Diligence (2-3-2020):
"For talented hackers, there are strong financial incentives to attack DeFi protocols. Having a bounty program in place creates a financial incentive to report vulnerabilities rather than exploit them. Reporting a vulnerability through a bounty program is also good for a hacker’s reputation, and the added benefit of not being illegal.
Any company running a DeFi protocol, with people’s money on the line, should have a bounty program. Here are some good questions you can ask about their program and disclosure process:
- Is the source code of your contracts publicly available?
- Is it easy to find the security contact information on your website and git repos?
- Do you have a bounty program on your contracts?
- Which contracts are in scope?
- What is the range of bounty payments?
- Have you ever made a bounty payment?
- Have you ever denied payment on a bug report?
- Is it easy to find details of the bounty program on your website and git repos?
Ideally this information would all be found at “website.com/security” and make use of GitHub’s SECURITY.md feature."