Security Audits

Our commitment to security is reflected in the quality of our code and the processes we follow. We have a dedicated team of security experts that are constantly working to improve our security posture, and we work with leading security firms to perform regular audits and penetration tests.

Halborn Security

Halborn was founded in 2019 by renowned ethical hacker Steven Walbroehl and growth hacker Rob Behnke. The fully remote organization has since grown to over 100 of the best and brightest offensive security engineers in the world.

Halborn Security has audited many of the leading protocols including Avalanche, Bancor, Bored Ape Yacht Club, Polygon, and hundreds more, and found found no critical issues with the Earth Ether protocol.

Bounty Program

In our commitment to ensure the safety, security, and the highest possible performance of the Earth Ether protocol, we are excited to announce our Bug Bounty Program. This initiative aims to incentivize members of the Ethereum, cybersecurity, and broader tech communities to assist in identifying vulnerabilities within our protocol.

Our objective at Earth Ether is to create a sustainable future by supporting initiatives that help combat oceanic and atmospheric pollution, and ensure Web3 technology is used for something great in our lives. By contributing to the security of our platform, you are helping to create a more stable and reliable framework to finance these projects. As such, your participation is not only beneficial for the Earth Ether community but for the broader global community and our shared environment.

Scope

Our bug bounty program spans the following areas of our system:

  1. Smart contracts deployed on the Ethereum Mainnet.
  2. Earth Ether staking protocol and infrastructure.
  3. Web-based front-end interfaces and APIs.
  4. Cross-chain bridges and interoperability tools.

Rules and Rewards

Rules

  1. Disclose the vulnerabilities privately to our team. Public disclosure of a vulnerability makes it ineligible for a bounty.
  2. Vulnerabilities should be original and previously unreported.
  3. Provide detailed reports with reproducible steps. If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.
  4. Submit one vulnerability per report.
  5. Do not engage in any activity that could potentially harm the TerraStake services or its users.
  6. Any kind of Denial of Service (DoS) attack is strictly prohibited.

Rewards

The rewards for our bug bounty program are based on the severity of the vulnerability. We use the CVSS (Common Vulnerability Scoring System) to determine the severity. Rewards are payable in ETH or our native token (upon your preference) and will fall within the following ranges:

  • Critical (9.0 - 10.0): Up to $15,000
  • High (7.0 - 8.9): Up to $10,000
  • Medium (4.0 - 6.9): Up to $2,500
  • Low (0.1 - 3.9): Up to $1,000

We also understand the intrinsic motivation of the blockchain and environmental communities. As such, we offer the option to allocate the bounty you earn directly to any of the environment restoration projects that we support. In these cases, we will boost your donation by an additional 10%.

Submission Process

To report a vulnerability:

Send an email to bugbounty@earthwallet.io with the following information:

  1. Description of the location and potential impact of the vulnerability.
  • A detailed description of the steps required to reproduce the vulnerability.
  • Your Ethereum address for receiving the bounty.
  1. Our team will review your submission and respond within 5 business days with the next steps.