Scope & Policy

This Disclaimer pertains to edeXa AG's ("edeXa") Ambassador Program and governs the scope of each Ambassador's authorized activities as well as edeXa's rights and limitations of liability. All participants in the Ambassador Program ("Ambassadors") must carefully review and adhere to this Disclaimer.

About

edeXa Chain is the best Ecosystem of Blockchains for Businesses with massive user bases, dedicated to delivering its core infrastructure necessary for future Private and public adoption https://edexa.network

Policy

edeXa Chain is committed to the safety and security of the Blockchain Ecosystem. To help us achieve this goal, we have implemented the edeXa Chain Bug Bounty Program encouraging security researchers and enthusiasts to identify vulnerabilities that directly affects edeXa Chain and report them to us. In return for their valuable contributions, we offer rewards based on the severity and impact of the reported issues ("edeXa Chain Bug Bounty Program").

Below are the guidelines and conditions for edeXa Chain Bug Bounty Program:

1. Scope of the Program

edeXa Blockchain

Type
Link
Website
Website

edeXa Blockchain Components

Type
Link
Client Implementation
edeXa explorer

edeXa smart Contract

Type
Link
edeXa NFT Engine Smart Contract
bStamp Smart Contract
bStamp Smart Contract

edeXa Public Blockchain Developer Links

edeXa Blockchain Documentatio

Type
Link
edeXa blockchain Documentation

1.2. Out of Scope

Only the targets listed above shall be deemed as part of the edeXa Chain Bug Bounty Program ("Bounty-Scope"). The following items are not part of the Bounty-Scope. our infrastructure; such as webpages, dns, email etc, Social engineering tactics (such as phishing or vishing)Physical security breachesIssues in third-party systems, services, or applications outside our domain.Denial of service attacksVulnerabilities solely affecting outdated or unpatched devices/browsers

2. Reporting Guidelines

2.1.

Security researchers should submit their reports to the Bounty Page available at  https://edexa.network/edx_bounty_program. The report should include a detailed description of the vulnerability, steps to reproduce the issue, potential environment, proof of concept, and any relevant screenshots, log files, or other evidence. We encourage researchers to submit their findings as soon as possible to minimize the risk of duplicate reports.

2.2.

The Participants agree with the following:

a) Submitted reports include a clear, concise, and reproducible description of the identified vulnerability, along with detailed steps to reproduce the issue and supporting evidence such as screenshots or logs.

b) If the vulnerability has already been reported by another participant, the submitted report will be marked as a duplicate and will not be eligible for a reward.

c) edeXa Chain Foundation reserves the right to determine the validity and severity of a reported vulnerability at its sole discretion. edeXa Chain Foundation also reserves the right to reject any report that does not meet edeXa Chain Foundation's guidelines or criteria.

d) Participants shall not disclose any information about the identified vulnerability to any third party without edeXa Chain Foundation's prior written consent.

e) Participants must give edeXa Chain Foundation a reasonable amount of time to address and rectify the identified vulnerability before any public disclosure.

f) Participants must not engage in any malicious activities that could result in damage to edeXa Chain Foundation's systems, loss of data, or any other negative impact.

g) Reports should be written in English.

3. Reward

edeXa will distribute the rewards after the evaluation and verification process is complete. The distribution method and timeframe will be communicated to the participants. Participants must provide accurate and valid wallet addresses or other information required for reward distribution.

3.2. Hall of Fame Recognition

Participants who have demonstrated exceptional skills and contributed significantly to the improvement of edeXa Chain`s security will be acknowledged through the following means:

a. Public Recognition: The names (or aliases, if preferred) of top contributors will be displayed on our Bug Bounty Hall of Fame webpage, honoring and thanking them for their valuable contributions.

b. Digital Certificate: edeXa Chain Foundation will issue a digital certificate of recognition, highlighting the participants' achievements in the edeXa Chain Bug Bounty Program.

c. Exclusive Access: Hall of Fame members may be granted exclusive, limited-time access to upcoming features, enabling them to showcase their expertise in assessing vulnerabilities before public release.

To maintain high standards and credibility, edeXa Chain Foundation reserves the right to determine the eligibility of participants for the Hall of Fame. Factors that may be taken into consideration include the vulnerability's criticality, the participant's contribution history, and adherence to responsible disclosure guidelines.

edeXa Chain Foundation retains the right to remove any participant from the Hall of Fame for reasons including, but not limited to, unethical behavior, violation of edeXa Chain Bug Bounty Program rules, or any other actions that may compromise the integrity of the recognition.

4. Eligibility

a. Age Requirements: To participate in the edeXa Chain Bug Bounty Program, you must be at least 18 years old.

b. Employee Participation: edeXa Chain Foundation employees, affiliates, their immediate family members, and contractors are welcome to join the program. However, monetary rewards will not be granted to these participants.

b. Digital Certificatec. Country Restrictions: To be eligible for the program, you must not live in or hold citizenship from a country subject to embargoes, sanctions, or conflicts with the edeXa Chain Foundation's jurisdiction.: edeXa Chain Foundation will issue a digital certificate of recognition, highlighting the participants' achievements in the edeXa Chain Bug Bounty Program.

d. Tax Obligations: As a participant, you are responsible for any tax implications based on your country of residence and citizenship.

e. Local Law Compliance: Additional restrictions on your ability to participate may be imposed by your local law. It is your responsibility to ensure compliance.

f. Program Nature: This is not a competition; rather, it is an experimental, discretionary rewards program. The edeXa Chain Foundation reserves the right to cancel the program or decide whether to award a reward at any time and entirely at its discretion.

5. Vulnerability Classifications

5.1. Vulnerability Classifications on edeXa Beacon Chain and edeXa Smart Chain

P0:

Vulnerabilities that could undermine the safety of any user or validator's fund/fee
Vulnerabilities that could severely undermine trading or token economy
Remote Code Execution on any edeXa Beacon Chain/edeXa Smart Chain node, such as Validator nodes, Witness nodes, or Seed nodes
Vulnerabilities related to key generation, encryption, decryption, signing and verification
Vulnerabilities that could disrupt the edeXa Beacon Chain governance
Transaction origin spoofing or transaction malleability
Any issues causing irreparable consensus splits from the rest of the network

P2:

Denial of service of any edeXa Beacon Chain validator node
Vulnerabilities that could undermine or disrupt trading or token economy
Vulnerabilities that could disrupt the Validator consensus result and performance
Vulnerabilities that could cause the Accelerated Node to be unable to respond with user queries on orders, transactions, balances, market depth
Access of disabled channels for cross-chain communication
Denial of service of cross-chain communication

P3:

Denial of service of the edeXa Beacon Chain & edeXa Smart Chain Explorer
Denial of service of seed and/or data seed nodes.
Denial of service for BSC Relayers / Oracle Relayers

P4:

Vulnerabilities that could affect the stability or availability of edeXa Beacon Chain/ edeXa Smart Chain / ExplorerDenial of service of non-critical functions

6. General Provisions

6.1.

Participants acknowledge that their participation in the edeXa Chain Bug Bounty Program is voluntary and at their own risk. edeXa Chain is not responsible for any loss, damage, or liability arising from participation in the program. edeXa Chain Bug Bounty Program considers a number of variables in determining rewards. Determinations of eligibility, score and all terms related to an award are at the sole and final discretion of the edeXa Chain Foundation bug bounty panel.

6.2.

edeXa Chain Foundation reserves the right to amend, modify, or update the edeXa Chain Bug Bounty Policy at any time, without prior notice. Participants are advised to periodically review the policy for any changes. Continued participation in the edeXa Chain Bug Bounty Program after any such changes shall constitute acceptance of the updated policy. edeXa Chain Foundation reserves the right to terminate the edeXa Chain Bug Bounty Program at any time without prior notice and shall not be liable for any unfulfilled rewards or incomplete tasks

6.3.

By participating in the edeXa Chain Bug Bounty Program, researchers agree to comply with all applicable laws and regulations while conducting their research. Unauthorized disclosure of vulnerabilities outside the scope of the program or before an official fix is released by edeXa Chain Foundation may result in disqualification from the program and potential legal action.

6.4.

By participating in the edeXa Chain Bug Bounty Program, the participants agree to be bound by these clauses and any additional terms and conditions set forth by edeXa Chain Foundation.

6.5.

This edeXa Chain Bug Bounty Program and any disputes arising out of or relating to it shall be governed by, and construed in accordance with, the laws of Singapore, without giving effect to its conflict of law principles.

6.6.

All disputes arising out of, or in connection with, this edeXa Chain Bug Bounty shall be resolved in the following manner

a) Amicable Resolution: The parties shall attempt, in good faith, to negotiate and resolve any disputes or disagreements that may arise by engaging in discussions and consultations for a minimum period of thirty (30) days from the date a written notice is received by either party.

All disb) All disputes, controversies or claims between the Parties arising out of or in connection with this Agreement (including its existence, validity or termination) shall be finally resolved by arbitration to be held in Singapore, and conducted in English under the Rules of Arbitration of the Singapore International Arbitration Centre; provided, however, that each Party may enforce its or its Affiliates’ intellectual property rights in any court of competent jurisdiction, including but not limited to equitable relief. The arbitral award shall be final and binding on the Parties. Except to the extent of entry of judgment and any subsequent enforcement may require disclosure, all matters relating to the arbitration, including the award, shall be held in confidenceputes arising out of, or in connection with, this edeXa Chain Bug Bounty shall be resolved in the following manner

6.7.

The failure of edeXa Chain Foundation to exercise or enforce any right or provision of this policy at any given time shall not constitute a waiver of such right or provision, nor does it prevent edeXa Chain Foundation from exercising its rights in the future.

6.8.

If any provision of this edeXa Chain Bug Bounty Policy is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect.

6.9.

If any provision of this edeXa ChThis edeXa Chain Bug Bounty Policy, along with any additional terms and conditions referenced herein, constitutes the entire agreement between the parties concerning the subject matter hereof and supersedes all prior understandings, agreements, and communications, whether oral or written, relating to the subject matter.ain Bug Bounty Policy is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect.

6.10.

edeXa Chain Foundation may assign its rights and obligations under this edeXa Chain Bug Bounty Policy, in whole or in part, to any affiliate or successor entity without notice to, or consent from, the participants.

6.11.

Nothing in this edeXa Chain Bug Bounty Policy is intended to confer any rights or remedies on any persons other than the parties and their respective successors and permitted assigns.

6.12.

By participating in this edeXa Chain Bug Bounty Program, the participants agree to adhere to and be bound by this Policy and any additional terms and conditions set forth by edeXa Chain Foundation.

Contact information

If you have any questions or concerns regarding this Privacy Policy or regarding our handling of personal data, you can contact us at the following addresses:

by email:

contact@edexa.io

or by letter:

edeXa AG
Kanalstrasse
32LI-9490 Vaduz

Tel. 00423 238 10 00
www.edeXa.io

edeXa