The Sandbox is continuing its “Bug Bounty Program” with earnings for participating users. The program requires users to report bugs found when using the game’s blockchain ecosystem. Individuals have the opportunity to earn up to $200,000 in $SAND tokens.
Participants in the program must complete the KYC requirements for the program when submitting a report to earn a reward. They must submit an ID photo with a scanned copy of a utility bill reflecting residency proof.
Bug bounty hunters must submit bug reports with a PoC with end-effects affecting an asset-in-scope to qualify for a reward. According to the Sandbox, statements and explanations are not eligible as PoC. Bug bounty hunters must also include the code while submitting bug reports.
The Sandbox will distribute rewards based on the severity of the vulnerability as classified by the Immunefi Vulnerability Severity Classification System V2.2. They will be capping the rewards for vulnerabilities associated with a critical smart contract at 10% of economic damage.
The minimum reward in the program is $50,000, while the maximum is $200,000. Where there are repeatable attackers, the bug bounty hunter will only receive a reward for the first attack, except the smart contract is not upgradeable.