DREAM believes in a program which establishes collaborative relations with security researchers for uncovering potential vulnerabilities to help protect sensitive user data and personal information from malicious activities.
We treat the security and safety of data as our topmost priority, and as such we are introducing a bug bounty program for security researchers to find weaknesses and technical flaws in our infrastructure, web application, and, most importantly, our DREAM token sale.
Program Rules for You:
- Do not perform any sort of denial of service attack or any other attack which can degrade server performance or compromise user data.
- Do not attempt to view, modify, or damage data belonging to others.
- Do not disclose the reported vulnerability to others until it has been fixed or addressed.
Program Rules For Us:
- We will respond as quickly as possible to your submission.
- We will keep you updated regarding your submissions and fixes.
- We will not take legal action against you if you play by the rules and act in good faith.
Bug Bounty Eligibility:
- You must adhere to program rules.
- You must be first to report a vulnerability.
- In case of multiple reports for the same vulnerability, the first person to report the bug will be rewarded with the bounty.
- You must be available to supply additional information, as needed by our team, to reproduce and triage the issue.
- All rewards will be given in the form of DREAM Tokens. You must disclose your identity to receive payment.
Bug Bounty Scope:
Currently, we offer token rewards from the DREAM Token Sale website for the following:
DREAM Token Sale — https://tokensale.dream.ac/
This is our token sale website powered by blockchain and Ethereum based smart contracts.
Unless otherwise stated, the rules on https://bounty.ethereum.org apply to our bug bounty program for smart contract auditing and for our blockchain website.
DREAM Marketplace — https://dream.ac
This is one of our core web applications. For our web application infrastructure, we are mainly interested in the following vulnerabilities:
- Remote Code Execution
- Cross site scripting
- CSRF attacks on sensitive actions like in payment modules
- Sensitive information disclosures
- Server side request forgery
- XXE vulnerabilities
- Do not perform any sort of automated test which would affect server performance.
- CSRF issue on logout functionality
- CSRF on forms that are available to anonymous users
- Cookies that lack HTTP Only or Secure settings for non-sensitive data
- Self-XSS and issues exploitable only through Self-XSS
- Reports resulting from automated scanning utilities without additional details or a POC demonstrating a specific exploit
- Attacks requiring physical access to a user’s device
- Attacks dependent upon social engineering of DREAM LLC employees.
- SSL/TLS best practices
- Mail configuration issues including SPF, DKIM, DMARC settings
- DREAM LLC reserves the right to add to or remove from this exclusion list.
The value of rewards will vary depending on severity. The severity of a bug is determined according to the OWASP risk rating model based on Impact and Likelihood. All rewards will be given in the form of DREAM Token, and will be paid within 14 days of the completion of the token sale.
- Low: $500 in DREAM Token
- Medium: $1,000 in DREAM Token
- High: $2,500 in DREAM Token
- Critical: $10,000 in DREAM Token
Claims can be made on the DREAM Rewards website: https://tokensale.dream.ac/rewards with the DREAM Rewards terms located here.
What to include in your report:
- A well written report will allow us to more quickly and accurately triage your submission.
- A clear description of the issue, including the impact you believe it has to the user.
- Specific reproduction steps including the environment used for testing (browsers, devices, tools, configuration) and any accounts used during testing.
- Your recommendations to resolve the issue.
We may publicly post the bug report, and you will be given full credit for your work.
Legal: We reserve the right to modify terms and conditions of this program and your participation in the program constitutes acceptance of all terms. Please check this site regularly as we routinely update our program terms and eligibility, which are effective upon posting. We reserve the right to cancel this program at any time. Must be 18 or older to be eligible for an award.
The DREAM platform isn’t just another untested beta program on a white paper… It’s live and being used right now to hire blockchain professionals. The token sale will enable DREAM’s innovative team to take DREAM to the next level by integrating A.I. and incorporating our platform token. Click here to browse talent, or sign up and list your services.
Click here to learn about our project and read our whitepaper.
Click here to learn more about our DREAM Rewards Campaign.