Curated Collection Bug Bounty Program

Today, we are announcing Emblem Vault’s Bug Bounty Program to our community and interested parties. The program will test new Emblem Vault contracts that create curated collections for Historical NFTs and Digital across many blockchains. During the last six years, Emblem has created a variety of products that have crossed into the world of DeFi and NFTs. Meanwhile, the last eighteen months has proven to us that Emblem Vault and the NFT community have found a market-product fit that we are ready to pursue together.

How the Program Works

Current industry standards utilize the Common Vulnerability Scoring System (CVSS) v3.1 to calculate the severity of a software vulnerability across multiple dimensions, including impact, exploitability, remediation, etc. We’ve opted to do the same with our bug bounty program.

At present, our program stands as following:

To qualify for a bounty, all reports must be emailed to “[email protected]” and include:

• A write-up summarizing the bug, the steps needed to reproduce it, its impact to Emblem Vault’s Curated Collection, and (optionally) any recommendations to resolve the issue.
• The CVSS v3.1 vector. This can be found on the National Vulnerability Database’s Calculator. An example of this would be AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H.
• A proof of concept, including all code needed to reproduce, with detailed instructions of how to do so.

The maximum total payout is then determined by the CVSS v3.1 score.

Low (0.1–3.9) Up to $500 USD

Medium (4.0–6.9) Up to $1,500 USD

High (7.0–8.9) Up to $2,500 USD

Critical (9.0–10) Up to $5,000 USD

These payouts represent the maximum amount for a confirmed vulnerability. To receive the full amount, a report will be expected to provide the following.

• Well written submissions that are able to describe the issue and impact to a non-technical audience.
• A well documented proof of concept that allows for easy reproduction of the issue.
• Clear and actionable steps that can be taken to resolve the issue.

Amounts will be paid in COVAL using the price at ~9:00am US-EST on the day of disbursement.

In the event that multiple people submit the same issue, the earliest and most complete entry will be honored.

Only vulnerabilities affecting the following repositories will be eligible for payment rewards:

“https://github.com/EmblemCompany/emblem-vault-solidity/tree/RC1.1”

• Vault Handler Contract: Deployed here
• ERC1155 Contract: Deployed here
• Online Claims Contract: Deployed here

Out of scope:

• DDoS: Any attacks on infrastructure are considered out of scope.
• Phishing: Any attacks on company personal, or users are out of scope.
• Third party services: Any attacks on services of, or that use
  Emblem Vault are out of scope.

Quick Summary

Emblem Vault is offering a two week Bug Bounty Program beginning on December 15th at 9:00am EST and ending on December 31stat 9:00am EST. There are 4 levels of bounties that will be paid out beginning at $500 and ending at $5,000. An individual is eligible for multiple payouts determined by the score of vulnerabilities found within the codebase. All bugs are to be emailed to “[email protected]” and are to follow the criteria listed above.

For any further questions you can reach out to Emblem Vault at:

• Twitter.com/EmblemVault
• Emblem Vault Telegram Chat

For any further information about Emblem Vault can be found at:

• Linktree

‍