ePrivacy and GPDR Cookie Consent management by TermsFeed Privacy Generator

Camino Network

Find bugs, get rewards

Camino’s bug bounty program encourages independent security researchers to find and report vulnerabilities in our Web 2.0 and Web 3.0 systems. Join the hunt to help us shape the global web3 ecosystem for the travel industry.

4 step reporting flow
generic-02
Start hunting for bugs

Search for vulnerabilities and report any that you discover. Rewards for eligible submissions are listed below.

generic-10
Submit your report

Our security team will review the submission. If we need any additional information, we will contact you.

generic-11
Triage by Hexens

If our partners consider the submission eligible, we will notify you to begin the process of fixing the issue.

generic-12
Receive rewards

We will ask you to retest and verify the fix to get rewards and public acknowledgments (if you prefer to).

Severities & rewards
Rewards are at the discretion of our security team and will be based on the impact, severity, and complexity of the vulnerability. Out-of-scope findings are not eligible for a reward by default but can be reviewed as set severity after manual review.
Out-of-Scope
  1. Out of scope severities and vulnerabilities
  2. ->
    Multi Signature (not yet audited)
  3. ->
    Are a result of user error (e.g. weak passwords)
  4. ->
    Are disclosed publicly
  5. ->
    Are a result of automated tooling without a clear chain of exploitation
  6. ->
    Duplicate: have already been disclosed to us
  7. ->
    Affect outdated or unsupported version of the software
  8. ->
    Are related to physical security or social engineering
We use Hackenproof to submit and process payments. If the submission is eligible, we will notify you and begin working on fixing the issue. Security team to triage the submission and assign its severity and impact levels. In case any additional information is needed, you will be contacted.
Submit vulnerabilities
Reward criteria
  • Report vulnerabilities promptly and exclusively to Camino Network
  • Share comprehensive information for the issue resolution
  • Provide a PoC for critical-severity issues
  • Current or former employees of Chain4Travel are not eligible
  • Know-Your-Customer verification
Bug Bounty information
Non-disclosure

We kindly request that you refrain from disclosing any vulnerabilities to third parties until we have had a chance to fix the issue and notify any affected parties. We will keep your submission confidential, but please note that we may need to share it with third parties (e.g. service providers) to address the issue.

Responsible disclosure

We expect all submissions to adhere to our responsible disclosure policy. This means giving us a reasonable amount of time to fix the vulnerability before disclosing it to the public. We will make every effort to address the issue as soon as possible.

We aim to respond to all submissions promptly, within 14 business days. If your submission is eligible for a reward, we will notify you and start working on a fix as soon as possible.

Changes to the program

We reserve the right to make changes to the terms of this bug bounty program at any time. Any updates or modifications will be posted on this page.

Submit vulnerabilities

Camino is the travel industry blockchain. Fueled by the Camino token, it is offering a versatile network to expand current business models and to create new touristic products to delight travelers and business partners.

© 2024 Camino Network Foundation. All rights reserved.