Bug Bounty - Camino Network

Find bugs, get rewards

Camino’s bug bounty program encourages independent security researchers to find and report vulnerabilities in our Web 2.0 and Web 3.0 systems. Join the hunt to help us shape the global web3 ecosystem for the travel industry.

4 step reporting flow

Start hunting for bugs

Search for vulnerabilities and report any that you discover. Rewards for eligible submissions are listed below.

Submit your report

Our security team will review the submission. If we need any additional information, we will contact you.

Triage by Hexens

If our partners consider the submission eligible, we will notify you to begin the process of fixing the issue.

Receive rewards

We will ask you to retest and verify the fix to get rewards and public acknowledgments (if you prefer to).

Severities & rewards

Rewards are at the discretion of our security team and will be based on the impact, severity, and complexity of the vulnerability. Out-of-scope findings are not eligible for a reward by default but can be reviewed as set severity after manual review.

Camino Network Protocol

Camino GO

https://github.com/chain4travel/caminogo

Camino Node

https://github.com/chain4travel/camino-node

Camino ETH VM

https://github.com/chain4travel/caminoethvm

Out-of-Scope

Out of scope severities and vulnerabilities
->
Multi Signature (not yet audited)
->
Are a result of user error (e.g. weak passwords)
->
Are disclosed publicly
->
Are a result of automated tooling without a clear chain of exploitation
->
Duplicate: have already been disclosed to us
->
Affect outdated or unsupported version of the software
->
Are related to physical security or social engineering

We use Hackenproof to submit and process payments. If the submission is eligible, we will notify you and begin working on fixing the issue. Security team to triage the submission and assign its severity and impact levels. In case any additional information is needed, you will be contacted.

Submit vulnerabilities

Reward criteria

Report vulnerabilities promptly and exclusively to Camino Network
Share comprehensive information for the issue resolution
Provide a PoC for critical-severity issues
Current or former employees of Chain4Travel are not eligible
Know-Your-Customer verification

Bug Bounty information

Non-disclosure

We kindly request that you refrain from disclosing any vulnerabilities to third parties until we have had a chance to fix the issue and notify any affected parties. We will keep your submission confidential, but please note that we may need to share it with third parties (e.g. service providers) to address the issue.

Responsible disclosure

We expect all submissions to adhere to our responsible disclosure policy. This means giving us a reasonable amount of time to fix the vulnerability before disclosing it to the public. We will make every effort to address the issue as soon as possible.

We aim to respond to all submissions promptly, within 14 business days. If your submission is eligible for a reward, we will notify you and start working on a fix as soon as possible.

Changes to the program

We reserve the right to make changes to the terms of this bug bounty program at any time. Any updates or modifications will be posted on this page.

Camino is the travel industry blockchain. Fueled by the Camino token, it is offering a versatile network to expand current business models and to create new touristic products to delight travelers and business partners.

Application Suite Documentation Whitepaper

Camino Network

Ecosystem Travel Validators Developers Community Blog

Organizational

Foundation Imprint Privacy Policy Terms of Use Code of Conduct Branding

Public Sale

Get CAM Disclaimer Terms & Conditions