
Remedy Code Of Conduct

The following document aims to provide guidelines for proper engagement on the Remedy platform and explains the actions Remedy management may take in case of violations.


Last updated 8 months ago

When participating in programs on Remedy (hereinafter the "Platform"), all Security Researchers are expected to support our community values by following the Remedy Code of Conduct (CoC). This CoC adds to the General Terms and Conditions that researchers agree to upon creating an account.

Some programs may also include specific rules of engagement or conduct within their policies, which can be enforced through program-level sanctions. Therefore, Security Researchers must review the program policies before engaging in any program.

It should also be noted that the Enforcement Measures described herein might be enforced more strictly than described below if they occur in combination or are affected by other case-specific conditions.

1. CoC Violations

1.1 Unethical Behavior

Security Researchers must act professionally and ethically. The definition of unethical behavior includes, but is not limited to:

  1. Begging for a Bounty reward that is not owed to the Security Researcher based on the terms of the Program.

  2. Requesting gas fees from the Platform or the Program.

  3. Disputing a Report after it has been paid or marked as closed, except for requesting mediation.

  4. Falsely claiming that a bug report affects an Asset in scope when it does not.

  5. Exaggerating the severity of a Report to receive a higher Bounty pay-out.

  6. Underreporting or misrepresenting vulnerabilities to receive a higher Bounty.

1.2 Abusive Behavior/Harassment
  1. Conducting attacks based on personal characteristics, such as race, gender, religion, or sexual orientation.

  2. Engaging in harassment or abusive communication with the Program, the Platform, or other Security Researchers.

1.3 Unsafe Testing/Service Degradation

Security Researchers must not perform unsafe testing without prior authorization. This includes (but is not limited to):

  1. Testing with live or public testnet contracts without permission from the Program.

  2. Conducting automated testing that generates excessive traffic on the Program owner's platform.

  3. Attempting to exploit or attack the project on the Platform.

  4. Accessing sensitive information beyond what is necessary to submit the bug report or conduct mediation.

  5. Impacting the stability of customer systems outside of posted testing policies.

  6. Contributing fixes to the Program's repository without obtaining explicit permission.

1.4 Irresponsible disclosure
  1. Revealing the Report or its existence to the public before the Program has addressed and compensated it and fixed the bugs revealed in the report.

  2. Revealing the Report to the public before 45 days have passed since the Project determined it was out of scope or did not require a fix.

  3. Revealing a Report that is considered a duplicate or already known to the Program.

  4. Revealing a valid Report accepted by the Program and for which the Bounty was paid without the prior written confirmation of the Program owner.

  5. Disclosing sensitive information beyond what is necessary to submit the bug report or conduct mediation.

  6. Publishing content that violates the law or when communicating with the Program.

1.5 Communicating with the Program Team Outside Of The Platform
  1. All communication between the Security Researcher and the Project must be conducted through the platform's built-in features (e.g., chat). Any communication concerning the Programs published on the Platform conducted outside the Platform will be considered a breach of this CoC.

1.6 Theft of Intellectual Property
  1. Upon accepting the Report and subsequently closing its status, the Security Researcher acknowledges that the report's ownership is transferred to the Program owner. This transfer occurs when the Security Researcher receives the Bounty and doesn't protest the case within 7 days after the transfer.

1.7 Social Engineering
  1. Phishing or conducting other social engineering attacks against the Program or the Platform is strictly prohibited.

1.8 Extortion/Blackmail
  1. Engaging in extortion, blackmail, or threats of extortion/blackmail against the Program or any of its members.

  2. Threatening to exploit/attack the Program or the Platform.

  3. Threatening violence against the Program, Platform, or any of its members or other Security Researchers.

  4. Threatening to publish or publishing people's personal information without their consent.

  5. Pretending to be other Security Researchers.

NOTE: A breach of this section will most probably lead to criminal prosecution.

2. Enforcement Measures

| Point # | Incident | 1st violation | 2nd violation | 3rd violation | 4th violation | 5th violation |
|---|---|---|---|---|---|---|
| 2.1 | Unethical Behavior | Educational | 1st Warning | Final Warning | Temporary ban (1 month) | Permanent ban |
| 2.2 | Abusive Behavior/Harassment | Final Warning | Temporary ban (1 month) | Permanent ban | | |
| 2.3 | Unsafe Testing/Service Degradation | 1st Warning | Final Warning | Temporary ban (1 month) | Permanent ban | |
| 2.4 | Irresponsible disclosure | Temporary ban (1 month) | Permanent ban | | | |
| 2.5 | Communicating with the Program Team Outside Of The Platform | Educational | Final Warning | Temporary ban (1 month) | Permanent ban | |
| 2.6 | Theft of Intellectual Property | Temporary ban (1 month) | Permanent ban | | | |
| 2.7 | Social Engineering | Permanent ban | | | | |
| 2.8 | Extortion/Blackmail | Permanent ban | | | | |
| 2.9 | Spamming | Educational | 1st Warning | Final Warning | Temporary ban (1 month) | Permanent ban |
