Skip to content

Latest commit

 

History

History
17 lines (12 loc) · 1.04 KB

security-bounty-program.md

File metadata and controls

17 lines (12 loc) · 1.04 KB

🐛 Security Bounty Program

If you report security issues within our backend, smart contracts, and operations, we offer a security bounty program. To be eligible for a bounty, be sure to follow these requirements:

  1. Make sure you can describe the security issue you found in a concise and reproducible way.
  2. Contact us first. If you use or publish the vulnerability you will not be eligible for a bounty payout. Our contact address is [email protected].
  3. Give us time to assess and address the issue. Sometimes behaviour can be perceived as security issue.

We will grade severity of reported issues and use the CVSS scale as a guideline. The ultimate decision about the severity we consider to be achieved remains in our discretion.

Severity Payout
Low 1000-2500 USDC
Medium 5000 USDC
High 40000-75000 USDC

Payouts will be conducted in an established ERC20 stablecoin like USDC. Please make sure to be able to receive ERC20 tokens.