ePrivacy and GPDR Cookie Consent management by TermsFeed Privacy Generator

Camino's Bug Bounty Program

Become a bug bounty hunter for the world's web3 travel ecosystem

4 step reporting flow


Web 2.0 severities and rewards

Rewards are at the discretion of our security team and will be based on the impact, severity and complexity of the vulnerability. Out-of-scope findings are not eligible for reward by default, but can be reviewed as set a severity after manual review.

If the submission is eligible, we will notify you and begin working on fixing the issue. Security team to triage the submission and assign its severity and impact levels. In case any additional information is needed, you will be contacted.

Submit vulnerabilities
Camino-Wallet
->
CaminoJS
->
Chain4Travel Website
->
Camino Network Website
->
Low severity
up to 250 USD FIAT + 5 000 CAM
Medium severity
up to 500 USD FIAT + 10 000 CAM
High severity
up to 2 500 USD FIAT + 30 000 CAM
Critical severity
up to 5 000 USD FIAT + 50 000 CAM

Camino GO
->
Camino Node
->
Camino ETH VM
->
Low severity
up to 2 500 USD + 75 000 CAM
Medium severity
up to 5 000 USD + 350 000 CAM
High severity
up to 25 000 USD + 750 000 CAM
Critical severity
up to 50 000 USD + 1 000 000 CAM

Web 3.0 severities and rewards

Rewards are at the discretion of our security team and will be based on the impact, severity and complexity of the vulnerability. Out-of-scope findings are not eligible for reward by default, but can be reviewed as set a severity after manual review.

If the submission is eligible, we will notify you and begin working on fixing the issue. Security team to triage the submission and assign its severity and impact levels. In case any additional information is needed, you will be contacted.

Submit vulnerabilities

Out-of-scope severities and vulnerabilities

Rewards are at the discretion of our security team and will be based on the impact, severity and complexity of the vulnerability. Out-of-scope findings are not eligible for reward by default, but can be reviewed as set a severity after manual review.

If the submission is eligible, we will notify you and begin working on fixing the issue. Security team to triage the submission and assign its severity and impact levels. In case any additional information is needed, you will be contacted.

  1. Out of scope severities and vulnerabilities
  2. ->
    Are a result of user error (e.g. weak passwords)
  3. ->
    Are disclosed publicly
  4. ->
    Are a result of automated tooling without a clear chain of exploitation
  5. ->
    Duplicate: have already been disclosed to us
  6. ->
    Affect outdated or unsupported version of the software
  7. ->
    Are related to physical security or social engineering

Important notices

1. Non-disclosure

We request that you do not disclose the vulnerability to any third parties until it has been fixed and we have had a chance to notify any affected parties. We will keep your submission confidential, but please note that we may need to share it with third parties (e.g. service providers) in order to fix the issue.

2. Responsible disclosure

We ask that all submissions follow a responsible disclosure policy. This means that you give us a reasonable amount of time to fix the vulnerability before disclosing it to the public. We will make every effort to fix the issue as soon as possible.

3. Response time

We will do our best to respond to submissions as quickly as possible. Our goal is to respond to all submissions within 14 business days. If your submission is eligible for a reward, we will notify you and begin working on a fix as soon as possible.

4. Changes to the program

We reserve the right to change the terms of this bug bounty program at any time. Any changes will be posted on this page.


Eligibility criteria:

In order to be eligible for a reward, you must:

  • Be the first person to report the vulnerability to us
  • Provide sufficient information for us to reproduce and fix the issue
  • In case of high and critical severity vulnerabilities introduce a PoC (Proof of Concept) on a local environment mimicking the production
  • Not be a current or former employee of Chain4Travel
  • Pass a KYC when required

Any questions?

If you have any questions about this program, please don't hesitate to contact us.

hello@camino.network
glas/stack - Camino Network

Camino is the travel industry blockchain. Fueled by the Camino token, it is offering a versatile network to expand current business models and to create new touristic products to delight travelers and business partners.