🔌
Bug bounty
As well as using Quantstamp, we invite everyone to help us maintain security by unearthing any vulnerabilities in our contracts in return for rewards through our bug bounty program. Security is one of the most important factors, so anyone who finds serious vulnerabilities will be generously rewarded.
Please be aware that this program is aimed at smart contracts on-chain. Vulnerabilities found in the contracts on-chain are eligible for a bug bounty. Things related to web front-end are not part of this program. However, we do advise you to contact our team with these issues at secu[email protected] - we’ll always reward accordingly.
The scope of the bounty program is limited to liquidity mining contracts. These can be found using the following link:
To assess the severity of these vulnerabilities, or bugs, we will be using the CVSS scoring system as shown in the image below:
We believe that any serious vulnerability should be rewarded accordingly. Whenever a vulnerability is found that could result in the loss of user funds, we can reward up to $250,000. The exact breakdown of the payments can be found below:
- Informational - reward up to $500
- Low risk - reward up to $1,000
- Medium risk - reward up to $5,000
- High risk - reward up to $50,000
- Critical vulnerability - reward up to $250,000
Payouts will be made in USDC after we confirm the vulnerability and the person in question successfully cooperates with our team to solve the issues.
Whenever you find a vulnerability, please contact [email protected] with a clear breakdown of the vulnerability and a way for us to get in touch.
Last modified 2mo ago