Sky Mavis, a game-building platform that hatched Axie Infinity, has announced the launch of its Bug Bounty Program. The program is designed to help users responsibly disclose security vulnerabilities that may be discovered while playing the game.
According to the platform, the security of its users is its priority and it is striving to offer the most secure platform to them.
Sky Mavis measures disclosed security issues based on the critical security impacts on the use and the ecosystem. The Bug Bounty Program will reward individuals that are eligible for the vulnerabilities reports and compensation.
Highlights of the Sky Mavis Disclosure Guidelines
Participating in this program requires that you strictly follow the guidelines of Sky Mavis Disclosure. Here are the highlights of these guidelines:
- When you notice anything during the process of bug investigation, you cannot report it on social networks or to any blog without the approval of Sky Mavis. This is to respect and protect the privacy of other users.
- While researching, you must not do automated testing, phishing, spoofing, spamming, social engineering, or further attacks, among others.
What Rewards/Ratings are involved?
The Sky Mavis Bug Bounty Program references Bugcrowd Vulnerability Rating Taxonomy. It uses this for the rating/prioritization of findings. It is worth mentioning that the actual ratings/prioritization may differ from the full Bugcrowd Vulnerability Rating Taxonomy.
Rewards for the reports will be paid in $AXS. After submitting your report, wait for confirmation that it has been accepted. Next, submit your email address or Ronin wallet address to claim your reward.
It is worth mentioning that the program will reward the first person that disclosed the bug to Sky Mavis. It is worth mentioning that the reward may be as high as $1,000,000, depending on the severity of the findings.
How to Report Security Vulnerability in the Sky Mavis Bug Bounty Program
When you discover a security vulnerability, you can go ahead to report it. To do this, you can send a report to email@example.com.
While sending, make sure you send your contact details, the IP addresses where the security vulnerability has been discovered, a compressed archive with files that can help reproduce the flaw, details of the type of identified vulnerability, and the given PGP key. The PGP key can be found on the dedicated Sky Mavis blog site.