Polemos offers rewards for finding and reporting certain types of vulnerabilities and exploitation techniques on the Polemos Forge (forge.polemos.io subdomain).
We welcome reports for any vulnerability that could realistically place the online security of our Forge (and/or our customers), and these reports might be rewarded appropriately.
However, to qualify for any rewards, the report must be a new (previously unreported) vulnerability in order to be eligible for reward or recognition.
Additionally, the vulnerability must not have been found through social engineering or similar attacks on Polemos infrastructure/staff or using 0day vulnerabilities.
We are specifically interested in receiving reports on issues that could have some of the following impacts:
- Directly or indirectly affect the accuracy of Forge assets including asset prices;
- Cause or result in financial loss for Polmos or its customers
- Interfere with or bypass security controls or mechanisms; unauthorised change or usage
- Compromise our users through attacks on our site.
A legitimate example which would qualify for rewards would be a DB injection through an previously unknown exploit on our smart contract. Or a critical vulnerability that could allow remote privilege escalation.
Please note that every report is subject to review and rewards are at the discretion of Polemos.
Vulnerabilities that are disclosed to any party other than Polemos, including vulnerability brokers, will not qualify for reward. This includes both public disclosure and limited private release.
Please send your reports to techsupport@polemos.io.
In describing the vulnerability include all necessary details required for reproducing the vulnerability as well as the tools required.
Please recognize that Polemos operates a complex environment and the amount of time required to address a reported issue can vary from a few hours to several months. You are unlikely to receive notification of the final outcome of our remediation efforts. Polemos cannot provide updates on remediation efforts: in progress or otherwise.
Polemos reserves the right to discontinue this Disclosure Program at any time without notice at its sole discretion.