MELONPORT AG BUG BOUNTY PROGRAM
In order to test the security of our asset management smart contract system, referred to as Software, and thereby to detect possible bugs in its implementation, Melonport AG will launch a Melon fund on the Ethereum mainnet for a period of approximately two weeks. The Melon fund smart contract deployed at the address of 0x07DF3a090599dF552C00C60604c14A08B95D93d5 with source code of https://github.com/melonproject/protocol/tree/5e2c6615fabf26719df43d45893ab69e635ed634 referred to as Melonport Bug Bounty Fund, will be funded with 500 Melon token by Melonport AG, referred to as Bug Bounty Price, and managed by the company.
We invite and challenge our community to try and extract the 500 Melon token with technical means e.g. by finding a vulnerability in the Melonport Bug Bounty Fund. In case all or a portion of the 500 Melon token can be extracted from the Melonport Bug Bounty Fund, the successful participant (“User”) in this bounty program may keep the 500 Melon token extracted from the Melonport Bug Bounty Fund.
TERMS FOR BUG BOUNTY PROGRAM
Melonport AG is intended to be the only party that can send Melon tokens to the Melonport Bug Bounty Fund deployed for the purpose of this challenge. This Bug Bounty Program does however not relate to User funds, tokens, virtual currencies or assets sent to the Melon fund by anyone other than Melonport AG for which Melonport AG takes no liability.
Melonport AG holds no liability towards any User funds, tokens, virtual currencies, assets or User time lost which results in a User loss with respect to this challenge. No tokens owned by any Users are put intentionally at risk by Melonport AG.
In the event that User has critical information regarding the safety of the funds within the Melonport Bug Bounty Fund which is different than extracting the funds from the contract (eg. by locking up the funds, destroying the funds, or other) - user has to report the bug to firstname.lastname@example.org with the subject “BUG BOUNTY - VULNERABILITY REPORT”. Vague, unclear or incomplete reports will be deemed invalid and will not result a payout of any bug bounty amounts. In case the report is deemed valid by Melonport AG and the vulnerability has not been executed, then Melonport AG may decide to reward the first person reporting this vulnerability with an amount of up to 500 MLN, subject to complying with Melonport’s KYC/AML requirements for the proposed amount.
The Melonport Bug Bounty Fund and this Bug Bounty Program are temporary and can be terminated by Melonport AG at any time for any reason whatsoever and without prior warning. In this case, the Bug Bounty Price will not be assigned to any User.
Only means of technical extraction using software directed at the Melonport Bug Bounty Fund are admitted as part of the Bug Bounty Program. Any other means of extractions (i.e. any action which compromise the private key of Melonport AG, physical violence or other non-software related means) may lead to criminal prosecution. Your testing must not violate any laws or compromise any data that is not yours.
Only means of technical extraction using software directed at the Bounty Melon Fund are admitted as part of the Bounty Program. Any other means of extractions (i.e. any action which compromise the private key of Melonport AG used to hold and manage the shares of the Bounty Melon Fund, physical violence or other non-software related means) may lead to criminal prosecution.
Users are responsible for payment of all applicable taxes as per their country and jurisdictions. Individuals who are on US, Swiss, European (or other) sanctions lists or who are citizens or residents of sanctioned / embargoed countries (eg. North Korea, Iran, etc) may not participate.
This Agreement, shall be governed by, interpreted and construed in accordance with the substantive laws of Switzerland. The competent courts of Zug, Switzerland, shall have exclusive jurisdiction for all disputes arising out of or in connection with this Agreement.