Bug bounty call-out

Bug bounty call-out

The 0xcert team has decided to provide a valid and secure ERC-721 implementation for the Ethereum community. We recognize the need and necessity of a security audit in order to keep all further usage safe and secure. In this light, a bug bounty program is being launched and we would love if the community can help find and disclose security issues and vulnerabilities.

About implementation

ERC-721 is a standard interface for non-fungible tokens on the Ethereum blockchain, invented by Dieter Shirley and written by William Entriken. The 0xcert development team decided to build the fully compatible implementation, which is going to be open-source and available to everyone.

Scope & rules

This bug bounty program will run from 2018–05–16 at 00:01 CET to 2018–06–16 at 23:59 CET. All of the discussions and code in this bug bounty program are publicly available in this repository. Help us find any problems with the ERC-721 implementation and you will be rewarded.

  • Be descriptive and detailed when describing your issue.
  • Fix it and recommend a way to solve the problem.
  • Include a truffle or detailed test case that we can reproduce.
  • Issues that have already been published here or are already disclosed to the 0xcert team are not eligible for rewards.
  • Social engineering, XKCD#538 attacks, bringing down Ropsten/Metamask/Infura are not in scope and will NOT be paid a reward.
  • Only the contracts regarding the ERC-721 are in scope, our website is not in scope.
  • GitHub issues is the only way to report issues and request rewards.
  • The 0xcert team has a complete and final judgment on the acceptability of issue reports.


  • We will distribute up to 5 ETH among all participants that reported a unique high severity bug.
  • Reports for medium and low bugs will receive our 0xcert t-shirt and an honorable mention.

Note that if the EIP standard is amended then an issue will be Low severity if it points this out to us. We will support the updated standard.

Original content comes from Github. For any questions, please visit: https://github.com/0xcert/ethereum-erc721/issues/46