Bug bounty
Overview
Help us identify bugs, vulnerabilities, and exploits in the autonomous agents and get rewarded. This bounty program will run within the testnet network until June 1st, 2020.
Scope
The bug bounty covers any of the autonomous agents deployed on testnet. Duplicate vulnerabilities are ineligible, only the first reporter will be rewarded. The frontend is not in the scope. The code can be found at: https://github.com/bonustrack/oswap/tree/master/public
Rewards
The bounty program will pay out rewards according to the severity of a vulnerability with a total budget of $400.
Reward | Severity | Examples |
$100 to $200 | Critical | Stealing assets from a pair, permanently freezing pair assets |
$50 to $100 | Major | Severe rounding errors where an attacker can steal funds |
$0 to $50 | Minor | Informational and code quality based disclosures |
Reporting
Please report any findings to fabien@bonustrack.co or fabien#4765 in Discord with full details about any vulnerability and steps / code to reproduce. Allow us time to review and remediate any findings before public disclosure.
Last updated