Bug bounty

As well as using Quantstamp, we invite everyone to help us maintain security by unearthing any vulnerabilities in our contracts in return for rewards through our bug bounty program. Security is one of the most important factors, so anyone who finds serious vulnerabilities will be generously rewarded.

What does the bug bounty program cover?

Please be aware that this program is aimed at smart contracts on-chain. Vulnerabilities found in the contracts on-chain are eligible for a bug bounty. Things related to web front-end are not part of this program. However, we do advise you to contact our team with these issues at secu[email protected] - we’ll always reward accordingly.
The scope of the bounty program is limited to liquidity mining contracts. These can be found using the following link:

How do you score the severity of vulnerabilities that are found?

To assess the severity of these vulnerabilities, or bugs, we will be using the CVSS scoring system as shown in the image below:

What can I earn when I find a vulnerability?

We believe that any serious vulnerability should be rewarded accordingly. Whenever a vulnerability is found that could result in the loss of user funds, we can reward up to $250,000. The exact breakdown of the payments can be found below:
  • Informational - reward up to $500
  • Low risk - reward up to $1,000
  • Medium risk - reward up to $5,000
  • High risk - reward up to $50,000
  • Critical vulnerability - reward up to $250,000
Payouts will be made in USDC after we confirm the vulnerability and the person in question successfully cooperates with our team to solve the issues.

What if I find a vulnerability?

Whenever you find a vulnerability, please contact [email protected] with a clear breakdown of the vulnerability and a way for us to get in touch.