Guide to CoverCompared’s Testnet & Bugbounty Programme

CoverCompared
4 min readDec 19, 2021

--

Our community asked and we have answered! We are super excited for our dApp’s testnet launch & bugbounty programme, all set to go live on the 20th of December where users can report any discrepancies they find for a chance to win rewards of 100,000 USD worth of $CVR.

We are aiming to decentralize the insurance industry to provide ease of access to more audiences and also bring into play a common place where all your insurance — traditional as well as crypto — needs can be met.

Our users can whitelist themselves through the following form
https://docs.google.com/forms/d/1iWedAxDPsOQUTQzF2Zjci6HHnK7YTZmVeuUVZC8exP0/edit#responses

Once you have whitelisted yourself, you will be receiving mock $CVR tokens to your ERC-20 wallet addresses so that you can access our testnet dApp and engage in all the services the app aims to offer, to ensure optimum utilization when our main net launches.

Our BugBounty Programme

In order to join our bugbounty programme, you would have to

Login to the testnet dApp via the below link by connecting your metamask

https://staging-covercompared.polkacover.com/

You will find an invite link to access our bugbounty telegram channel

Once you have joined the channel, you can report any bugs you find on the bugbounty form that would be pinned within the telegram channel.

After you have interacted with the testnet dApp, in case you identify any critical flaws that require immediate action, you can simply report it via the bugbounty form with a detailed description of the bug you have found.

Our DevOps and Security teams will immediately have this diagnosed and will provide a solution to ensure that there are zero disparities when our main net launches.

Those who report a vulnerability will be eligible for a chance to win a reward of 100,000 USD worth of $CVR, based on the risk associated with the bug and its imperativeness.

You will be provided with a bugbounty form that would be pinned within the testnet telegram group, where you can fill in details of the bug you have discovered. You will be able to discuss the diagnosis, reward allocation and other details.

The severity of the bug is classified into the below-mentioned parameters:

Critical

  • Issuing multiple policies to a user by paying for only one policy
  • Issuing a policy to a user by paying less than the quote price. The amount of funds lost due to this should be greater than 5% of the total quote price.
  • Loss of ETH/tokens from core Smart Contracts of CoverCompared. The amount of funds being lost should be greater than or equal to 5% of the total locked value.
  • Users being granted with system privileges causing loss of funds,user base manipulation, etc.
  • Bugs that may lock funds or render them inaccessible to the protocol or their owners.
  • Serious logic design flaws and process defects.

High

  • Issuing a policy to a user by paying less than the quote price. The amount of funds lost due to this should be greater than 5% of the total quote price.
  • Loss of ETH/tokens from Core Smart Contracts of CoverCompared. Where the amount of funds being lost is less than 5% of the total locked value.
  • Unauthorized sensitive operations.
  • Bugs that may enable malicious actors to masquerade other users and perform functions that would jeopardise the user’s/protocol’s funds.
  • Users being granted edit access to sensitive information which can lead to user base manipulation and inconvenience.

Medium

  • Vulnerabilities that require interaction and affect users.
  • Bugs relating to Gas Optimization.
  • Vulnerabilities that may affect/damage the protocol state.
  • General unauthorized operations, edit access, etc.

Low

  • Local denial of service vulnerabilities and Direct denial of service
  • CSRF (cross-site request forgery), reflected-XSS, and so on.
  • Information leakage, such as path information, exception information, SVN information, and so on.
  • Using outdated versions of a system, supporting outdated versions of an encryption protocol, such as supporting low-strength encryption algorithms, SSL (secure-sockets layer) or TLS (transport-layer security) 1.0.

The rewards will be allocated as per the below format depending on the severity of the bug.

We are very excited for you to participate in this programme and thank you for all the support. The continued encouragement from our community has kept us at the forefront in revolutionizing the insurance industry as we continue to march on.

About CoverCompared:

CoverCompared is the First DeFi insurance marketplace for the global crypto ecosystem. We aim to lower transactional and administrative costs of insurance policies and coverage while providing high-value, cost-effective insurance products bought using a host of cryptocurrencies.

Our platform will be connecting users with multinational insurance providers for all global insurance products such as crypto-related protection, health, life, and travel policies. The platform will include a frictionless insurance marketplace experience that incorporates next-generation blockchain technology and tokenized incentives.

Social Media: Twitter | Medium | Telegram | Github

--

--

CoverCompared

The First DeFi Insurance marketplace for the global crypto ecosystem