As well as using Quantstamp, we invite everyone to help us maintain security by unearthing any vulnerabilities in our contracts in return for rewards through our bug bounty program. Security is one of the most important factors, so anyone who finds serious vulnerabilities will be generously rewarded.
Please be aware that this program is aimed at smart contracts on-chain. Vulnerabilities found in the contracts on-chain are eligible for a bug bounty. Things related to web front-end are not part of this program. However, we do advise you to contact our team with these issues at [email protected] - we’ll always reward accordingly.
The scope of the bounty program is limited to liquidity mining contracts. These can be found using the following link:
We believe that any serious vulnerability should be rewarded accordingly. Whenever a vulnerability is found that could result in the loss of user funds, we can reward up to $250,000. The exact breakdown of the payments can be found below:
- Informational - reward up to $500
- Low risk - reward up to $1,000
- Medium risk - reward up to $5,000
- High risk - reward up to $50,000
- Critical vulnerability - reward up to $250,000
Payouts will be made in USDC after we confirm the vulnerability and the person in question successfully cooperates with our team to solve the issues.