Bug bounty
Bug bounty program of the Algofi protocol.
The bug bounty program covers the Algofi smart contracts (not web application, SDK etc.) and aims to reduce the chance of hack or protocol failure.
Rewards are distributed according to the following classifications:
Severity | Max Prize |
Critical | 10% of value at risk, up to $200,000 USD |
High | $25,000 USD |
Medium | $5,000 USD |
The severity is classified based on:
Severity | Description |
Critical |
|
High |
|
Medium |
|
Actual bounty payout is determined according to value at risk, likelihood/ease of exploitation, and complexity.
Email us at [email protected] a detailed description of the attack. Critical and high bug reports must come with a proof of concept.
Mainnet TEAL contracts (link to AlgoExplorer coming soon)
Impacts in Scope
Only the following impacts are accepted within this bug bounty program. All other impacts are not considered as in-scope, even if they affect something in the assets in scope table.
Any bug publicly acknowledged or mentioned in a publicly published audit. Additional exclusions may apply.
Any activities conducted in a manner consistent with this policy will be considered authorized conduct and the core developers will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, Algofi will take steps to make it known that your actions were conducted in compliance with this policy.
Exclusions
While researching, the core developers would like to ask you to refrain from:
- Denial of service
- Spamming
- Social engineering (including phishing) of Algofi core developers
- Any physical attempts against Algofi property or data centers
Last modified 1yr ago