Bug Bounty Program¶
Since Hummingbot is experimental, beta software that can be run in many different user configurations and markets, we are leveraging the power of our community to help us identify and properly handle all the edge cases which may arise.
As a small token of our appreciation for users who invest their time and effort to try out Hummingbot and report the issues they encounter, we are excited to announce a bounty program for reward users who help improve Hummingbot's stability and reliability!
The bounty program applies to issues found within the public, open source Hummingbot code base.
We will pay bug reporters 0.1 ETH for any bug reported that meets the following criteria:
- It has a different root cause than any other bug reported by other users or discovered by the Hummingbot team
- Reporter follows the submission guidelines below (see Submission)
- We decide to fix the bug
In addition, we may add a discretionary bonus to bugs that entail security vulnerabilities, depending on the severity of the vulnerability.
Bounty Rules and Guidelines¶
- Bounties are awarded on a first-report basis
- We ask that you do not use vulnerabilities or errors you come across for purposes other than your own investigation
- We ask that you do not publicize or disclose to any third parties any details of security vulnerabilities until the Hummingbot team removes those issues
- All bounties and rewards will be subject to the sole discretion of the Hummingbot team
- For security vulnerabilities: Email the description of the issue to us at firstname.lastname@example.org
- For all other bugs: Submit a Bug Report in our Github repo
- Please follow the template and include detailed descriptions of the bug, steps to reproduction, supporting artifacts such as screenshots, logs, configuration settings, and suggested fixes, if any
- Privacy: We pledge that we will not use your information for trading purposes or share your personal information with third parties
The Hummingbot team will investigate your report within 24 hours, contact you to discuss the issue, and send 0.1 ETH to your Ethereum wallet once the team decides to fix the bug that you reported.
In this section, we will publish a list of reported bugs and their status.
Bounty distribution (As of 11/05/2019)¶
|ETH Address (First 6 digits)||Bugs Reported||Github Issue||Paid?|
|0x93cF||Missing logs file||NA||Y|
|0xc1fc||Problem installing on Windows||#94||Y|
|0xD9B9||Precision issue in Coinbase||#106||Y|
|0xDE1f||Get wallet -e doesn't work||#96||Y|
|0xf452||Maker order size (0.0) must be greater than 0||#118||Y|
|0xf452||Coin flagged erroneously as zero balance on radar_relay||#101||Y|
|0x32a5||DDEX market orders are incorrect||#147||Y|
|0xf452||Problem in compiling hummingbot 0.5.0 and dev-0.6.0 in windows bash||#155||Y|
|0xB389||Order still shown as active after being filled||#341||Y|
|0xEEDf||Unexpected error running clock tick - arbitrage in binance||#401||Y|
|0xC39F||RadarRelay - Limit orders require an expiration timestamp 'expiration_ts'||#568||Y|
|0xcF44||Trade type is always tagged as "Sell"||#631||Y|
|0xFcba||Trades for taker market > maker market||#627||Y|
|0x2212||Bounties "Filled volume" remain constant||#644||Y|
|0xf01E||export_trades command will only export 100 trades||#677||Y|
|0x1309||Discovery fails when processing market pair||#721||Y|
|0x2A60||Stop command causes "cancelled order"||#723||Y|
|0x8950||Token symbol format for Discovery configuration||#724||Y|
|0xd8fb||Bounty Status server error||#754||Y|
|0x1D95||0 day remote command execution||#555||Y|
|0x09B4||Huobi assets are not displayed when using cross exchange MM||#826||Y|
|0xe363||XEMM not placing orders in empty maker market||#854||Y|
|0x75e8||Volume traded from Oct 10 - 13 are missing||#918||Y|
|0x21a0||code bug in ddex_market.pyx||#923||Y|
Happy 🐞 hunting!