The severity of a bug, i.e. how many participants in the Stellar network are affected, is taken into consideration when deciding the bounty payout amount. For example, an exploit that relies on an implementation bug in stellar-core affects the network as a whole and very deeply. There are no alternate implementations of stellar-core and so a payout that affects stellar-core would pay out higher than for example, an XSS bug.

1.1 The Bounty Program is only open to: (a) Eligible Individuals, as defined in Section 1.3 below; (b) teams of Eligible Individuals (“Teams”); and (c) organizations (e.g., corporations, limited liability companies, partnerships, and other corporate entities) that consist of Eligible Individuals and that are duly organized or incorporated and in good standing at the time of submission (“Organizations”). Eligible Individuals, Teams, and Organizations are collectively referred to herein as “Participants.”

1.2 When a Team or Organization submits materials to the Bounty Program, they should authorize a single Eligible Individual (a “Representative”) to represent, act, and prepare the submission on their behalf. By entering a submission on behalf of a Team or Organization, you are representing that you are authorized to act on behalf of such Team or Organization.

1.3 An “Eligible Individual” is a natural person who:

• is the greater of: (i) 18 years of age or (ii) the minimum age that is legally permitted to use and hold cryptocurrencies and/or to participate in the Bounty Program in the jurisdiction where such person resides;
• is not located in, under the control of, or a national or resident of Cuba, Iran, North Korea, Syria, any Russian-controlled regions of Ukraine, or any other country or region subject to sanctions by the U.S. Department of Treasury Office of Foreign Asset Control (“OFAC”), as may be updated from time to time;
• is not identified on the Specially Designated Nationals or Blocked Persons list provided by OFAC; and
• does not reside in a jurisdiction where the transfer and holding of cryptocurrency is illegal or would require a special license or authorization that such person does not possess.

1.4 Applicable law and our internal policies restrict SDF from providing XLM awards to certain categories of projects. The following types of projects will not be considered for the Bounty Program (or any XLM award in connection therewith):

• violates any applicable laws, regulations, orders, judgements or rules or infringes or violates any proprietary right of any party, including patent, trademark, trade secret, copyright, right of privacy, right of publicity, or other rights;
• involves, facilitates, supports, or promotes unlawful activities, including, but not limited to: fraud, drug trafficking, purchases on dark web markets, theft, illegal arms trafficking, human trafficking, abduction, extortion, embezzlement, corruption of public officials, acts of terrorism or terrorist financing, and intellectual property violations;
• involves, facilitates, or promotes gambling;
• is offensive, deceptive, harmful, or libelous;
• is or contains sexually obscene content;
• is discriminatory or abusive toward any individual or group; or
• contains, transmit, or instills malware or phishing pages or devices.

If you are unsure whether your submission or project falls into one or more of these categories, please contact us at [email protected] to discuss.

1.5 SDF complies with all applicable laws and regulations in the distribution of XLM awards. If your bounty submission is selected for the Bounty Program, you, your Team or your Organization (as applicable) will be required to complete certain compliance checks and submit certain tax forms to facilitate the receipt of any XLM award under the Bounty Program. Failure to submit appropriate documentation or failure to pass the required compliance checks may result in your disqualification from consideration. SDF is under no obligation to make any XLM awards if there are no eligible submissions or eligible Participants or if Participants do not successfully complete and comply with all necessary compliance and tax obligations.

1.6 To determine the number of XLM equal to the USD value of any award, the USD valuation of XLM shall be calculated using the CF Stellar Lumens-Dollar Settlement Price as administered, maintained, and reported by the cryptocurrency index provider CF Benchmarks Ltd. (using the ticker “XLMUSD_RR”) (available at https://www.cfbenchmarks.com/indices/XLMUSD_RR), or, if such settlement price is unavailable the settlement price as reported on a substantially similar and equally reputable cryptocurrency index provider selection by SDF in its reasonable discretion. The USD valuation of XLM for any particular award shall be calculated using the CF Stellar Lumens-Dollar Settlement Price (or equivalent) reported on the day such award is scheduled to be distributed. Participants acknowledge and understand that XLM is a highly risky and volatile asset, and that SDF does not provide any representations, warranties, or guarantees of its value.

1.7 Participants should inform themselves as to any legal and tax requirements or consequences applicable to them in respect of the acquisition, holding, and disposition of XLM. Participants are responsible for reporting the receipt of any XLM award to relevant government departments or agencies where applicable and paying all applicable taxes in their jurisdiction of residence (federal, state/provincial/territorial and local). SDF RESERVES THE RIGHT TO WITHHOLD A PORTION OF ANY XLM AWARD AMOUNT TO COMPLY WITH THE TAX LAWS OF THE UNITED STATES OR OTHER SDF JURISDICTION, OR THOSE OF A PARTICIPANT’S JURISDICTION.

2.1 SDF reserves the right, in its sole discretion, to cancel, suspend or modify the Bounty Program or any of these eligibility criteria for any reason. To the fullest extent permitted by law, any amendment will become effective at the time specified in the posting or, if no time is specified, the time of posting.

2.2 The Bounty Program is governed by the SDF Terms of Service and these Eligibility Guidelines. If there is any conflict or inconsistency between the Terms of Service and these Eligibility Guidelines, these Eligibility Guidelines will prevail. 

2.3 SDF’s failure to enforce any term of these Eligibility Guidelines shall not constitute a waiver of that provision. Should any provision of these Eligibility Guidelines be or become illegal or unenforceable in any jurisdiction whose laws or regulations may apply, such illegality or unenforceability shall leave the remainder of these Eligibility Guidelines, to the fullest extent permitted by law, unaffected and valid. The illegal or unenforceable provision shall be replaced by a valid and enforceable provision that comes closest and best reflects the SDF’s intention in a legal and enforceable manner.

2.4 SDF may collect personal information in connection with a Bounty Program submission. Such information is subject to the SDF Privacy Policy.

Contact

If you have any questions about the Bounty Program or your eligibility under these guidelines, please email [email protected].