Find and report vulnerabilities to secure the software supply chain
To report an OSS vulnerability, a user must stake tokens to the bug report, which deters spam and protects project maintainers. Anyone who submits a valid report may receive rewards if the vulnerability is confirmed, regardless of whether the bug is ultimately resolved.
Every submitted vulnerability report is accompanied by a governance-defined timeline for the OSS project maintainer to address or resolve the software vulnerability. The first step is for the project maintainer to confirm the validity of the bug report.
The tea Protocol incentivizes prompt and thorough responses to vulnerability reports. Project maintainers who do not acknowledge or resolve reported issues in a timely manner may be penalized by a token-slashing event. Token slashing also impacts a project’s stakers.