# Bug bounty

### Overview

Help us identify bugs, vulnerabilities, and exploits in the autonomous agents and get rewarded. This bounty program will run within the testnet network until **June 1st, 2020**.

### Scope

The bug bounty covers any of the autonomous agents deployed on testnet. Duplicate vulnerabilities are ineligible, only the first reporter will be rewarded. The frontend is not in the scope. The code can be found at: <https://github.com/bonustrack/oswap/tree/master/public>

### Rewards

The bounty program will pay out rewards according to the severity of a vulnerability with a total budget of $400.

| Reward       | Severity | Examples                                                      |
| ------------ | -------- | ------------------------------------------------------------- |
| $100 to $200 | Critical | Stealing assets from a pair, permanently freezing pair assets |
| $50 to $100  | Major    | Severe rounding errors where an attacker can steal funds      |
| $0 to $50    | Minor    | Informational and code quality based disclosures              |

### Reporting

Please report any findings to <fabien@bonustrack.co> or [fabien#4765](https://discord.gg/Qn6JWfT) in Discord with full details about any vulnerability and steps / code to reproduce. Allow us time to review and remediate any findings before public disclosure.