Bug Bounty Program

Cat Town Bug Bounty Program Terms and Conditions

Introduction

Cat Town values the security of our game and the privacy of our users. Our Bug Bounty Program rewards researchers for identifying and reporting vulnerabilities. By participating, you agree to the following terms and conditions.

Eligibility

1. Participants: Open to all individuals except for employees, contractors, or affiliates of Cat Town.

2. Age Requirement: Participants must be at least 18 years old or have parental consent if under 18.

3. Legal Compliance: Participants must comply with all local laws and regulations.

Scope

1. In Scope:

   • Cat Town game application (web and mobile versions).

   • Smart contracts on Base main net.

   • Official Cat Town websites and associated subdomains.

2. Out of Scope:

   • Third-party applications and services.

   • Denial of Service (DoS) attacks.

   • Social engineering and phishing attacks.

Reporting Guidelines

1. Report Submission: Reports should be submitted via email to rob@cat.town.

2. Required Information: Include a clear description of the vulnerability, steps to reproduce, and potential impact.

3. Proof of Concept: Provide detailed proof of concept (PoC) with screenshots or video evidence.

Rewards

1. Reward Criteria: Rewards are based on the severity of the vulnerability, determined by the Common Vulnerability Scoring System (CVSS). The CVSS score is subjective and will be determined by the Cat Town team, with context.

2. Reward Range:

   • Low: $50 - $200

   • Medium: $200 - $1,000

   • High: $1,000 - $5,000

   • Critical: $5,000 - $10,000

3. Payment: Rewards will be paid in cryptocurrency (ETH) on Base.

Disclosure Policy

1. Non-Disclosure Agreement: Participants must not disclose vulnerabilities to the public or any third party until the issue is resolved - once the vulnerability is patched, we will give full permission for blog posts etc.

2. Public Acknowledgment: Cat Town will publicly acknowledge participants who wish to be recognized, after the vulnerability is fixed.

Legal

1. Good Faith: Participants must act in good faith and avoid privacy violations, data destruction, or service disruption.

2. Authorization: Testing should be confined to in-scope assets only.

3. Ownership: Participants grant Cat Town the rights to use, modify, and distribute reports and related materials.

Exclusions

Cat Town is not responsible for:

1. False Claims: Reports that do not lead to vulnerability fixes.

2. Previous Reports: Issues already known or reported by other participants.

3. Legal Action: Any legal action taken against participants for actions violating the terms.

Program Changes

Cat Town reserves the right to change or terminate the Bug Bounty Program at any time without prior notice.

Contact

For any questions regarding the Bug Bounty Program, contact us at rob@cat.town.

By participating in the Cat Town Bug Bounty Program, you agree to all the terms and conditions stated above.

Acknowledgment

Participants agree that they have read, understood, and accept the terms and conditions of this Bug Bounty Program.