We have a Bug & Code Bounty in partnership with Immunifi here
This has Ended Now
Details
- Maximum Bounty: $150,000
- Payout asset: USDT
- KYC: No KYC required
Rewards are distributed according to the impact of the vulnerability based on theย Immunefi Vulnerability Severity Classification System V2.2.ย This is a simplified 5-level scale, with separate scales for websites/apps, smart contracts, and blockchains/DLTs, focusing on the impact of the vulnerability reported.
All web/app bug reports must come with a PoC with an end-effect impacting an asset-in-scope in order to be considered for a reward. All Medium, High and Critical Smart Contract bug reports require a PoC to be eligible for a reward. Explanations and statements are not accepted as PoC and code is required.
Critical smart contract vulnerabilities are capped at 10% of economic damage, primarily taking into consideration funds at risk, but also PR and branding aspects, at the discretion of the team. However, there is a minimum reward ofย USD 15 000.
The following vulnerabilities are not eligible for a reward:
- MEV and sandwich attacks that involve Curve and Uniswap
- All vulnerabilities marked in theย Halborn security review 1ย are not eligible for a reward
- All vulnerabilities marked in theย Halborn security review 2ย are not eligible for a reward
- All vulnerabilities marked in theย Halborn security review 3ย are not eligible for a reward
Payouts are handled by theย Archimedesย team directly and are denominated in USD. However, payouts are done inย USDC.