# Metaverse.Network Bounties and Grants Metaverse.Network is an EVM-enabled blockchain network for user-created metaverses and games. The project the open-source project that energies the future of multi-metaverse vision. If you're a developer interested in building in the Metaverse.Network Ecosystem, there are grants and bounties available to incentivise well-developed, well-tested modules, features that benefits Metaverse.Network Ecosystem. Please contact <grants@metaverse.network> or telegram Repo maintainer @justinphamnz # :moneybag: Bug Bounties This bug bounty program from Metaverse.Network & Bit.Country platform is focused on preventing the critical bugs found. Please follow below detail for what is in scope and reward level: ### Threat level **:bangbang: Critical (up to 100,000 USD)**: transaction/consensus manipulation, double-spending, unauthorized token minting, governance compromise, getting access to an identity that can lead to unauthorized access to system’s or user’s assets. **:rotating_light: High (up to 50,000 USD)**: blocking or modifying processes for governance or users from performing their tasks, generating not handled on-chain errors. These actions can lead to blocking users or governance from accessing their assets or performing system functions. **:warning: Medium (up to 10,000 USD)**: Putting on-chain data into an unexpected state without interrupting the system or users from performing their tasks, e.g. generating redundant events, logs, etc. Critical vulnerabilities involving a direct loss of user funds, double spending, or the minting of tokens are capped at 10% of the economic damage, taking primarily into consideration the funds at risk or the amount of tokens that can be minted but also branding and PR considerations, at the discretion of the team. PoC is required for all submissions. Suggestion for a fix is not required, but its addition may be grounds for a bonus provided by the team at its discretion. Payouts are handled by the Metaverse.Network team directly in crypto tokens of their choices, valued at the US dollar market rates. ### A reward can only be provided if: * The Bug **wasn't reported** before. * The Bounty Hunter **does not disclose** the Bug to other parties or publicity until it's fixed by the Metaverse.Network Team. * The Hunter didn't exploit the vulnerability or allow anyone else to profit from it. * The Hunter reports a Bug **without** any additional conditions or threats. * The investigation was **NOT** conducted with Ineligible methods or Prohibited Activities, defined in this document. * The Hunter should reply to our additional questions regarding the reproduction of the reported bug (if they follow) within a reasonable time. * When duplicate bug reports occur, we reward only the first one if it's provided with enough information for reproduction. * When multiple vulnerabilities are caused by one underlying issue, we will reward only the first reported. * The vulnerability is found in runtime pallet of **Pioneer** (no tests, or modules that aren’t in runtime, e.g. live, can be considered as vulnerability) ### Bugs in scope: * **Transaction/consensus manipulation**, * **Double-spending**, * **Unauthorized token minting**, * **Governance compromise**, * **Getting access to an identity that can lead to unauthorized access to system’s or user’s assets.** * **Blocking or modifying processes for governance or users from performing their tasks, generating not handled on-chain errors**. * **Putting on-chain data into an unexpected state without interrupting the system or users from performing their tasks, e.g. generating redundant events, logs, etc.** ### Out of Scope The following vulnerabilities are **excluded** from the rewards for this bug bounty program: * Attacks that the reporter has already exploited themselves, leading to damage * Attacks requiring access to leaked keys/credentials * Attacks requiring access to privileged addresses (governance, strategist) * DDOS attack * Denial of service attacks * Spamming * Any physical attacks against Metaverse.Network property, or employees * Phishing or other social engineering attacks against Metaverse.Network or Bit.Country’s employees The following activities are **prohibited** by this bug bounty program: * Any testing with mainnet or public testnet contracts; all testing should be done on private testnets * Attempting phishing or other social engineering attacks against our employees and/or customers * Any testing with third party systems and applications (e.g. browser extensions) as well as websites (e.g. SSO providers, advertising networks) * Any denial of service attacks * Automated testing of services that generates significant amounts of traffic * Public disclosure of an unpatched vulnerability in an embargoed bounty # 📝 Grants Guidelines Here are the list of eligible grants and features for developers and team add value into Metaverse.Network ecosystem * Currencies pallet precompile * Balance pallet precompile * NFT pallet precompile * Metaverse pallet precompile * Economy pallet precompile * Continuum pallet precompile * EVM-compatible NFT Bridge * Ultility tools ### :rocket: Deliverables Modules deliverables shall be submitted via email to <grants@metaverse.network>, and follow the guidelines below: * **Code completeness**: please ensure submitted modules contains complete codebase that is compilable and runnable. * **Tests**: provide step-by-step guide to demonstrate how the code achieves the modules. It should contain unit tests, integration tests, and user acceptance tests (steps to perform actions on a mobile/web app if applicable). * **Deployment and running application (if applicable)**: provide step-by-step guide to deploy and run the contracts, protocols and application programs * **License**: be sure to include license for each file. * **Documentation**: provide documentation for APIs, architecture and overview of the project, algorithms and mechanisms of the protocols, tutorials and articles that articulate using the protocols and applications. * **List each modules deliverable**: provide enough details e.g. links to specific code/repo location, documentation and guide so that we can easily verify the deliverables against the original application.