Credit: The rules were inspired by AAVE’s bug bounty.
We are happy to announce the launch of HurricaneSwap Mainnet as well as our Bug Bounty Program. All the code has been audited by PeckShield but we want to achieve the maximum level of security so we are calling on our community to help us find any bugs or vulnerabilities.
- Public disclosure of a vulnerability would make it ineligible for a reward.
- Technical knowledge is required for the process.
- Duplicated issues are not eligible for reward. The first submission would be the eligible one.
- If you want to add more information to a provided issue, create a new submission giving reference to the initial one.
- Rewards will be decided on a case by case basis and the bug bounty program, terms, and conditions are at the sole discretion of Aave.
- Rewards will vary depending on the severity of the issue. Other variables considered for rewards include: the quality of the issue description, the instructions for reproducibility, and the quality of the fix (if included).
- Determinations of eligibility, score and all terms related to an award are at the sole and final discretion of Aave.
- Submissions need to be related with the Bounty Scope. Submissions out of the Bounty Scope won’t be eligible for a reward.
- Any interference with the protocol, client or platform services, on purpose or not during the process will make the submission process unvalid.
- Terms and conditions of the bug bounty process may vary over time.
- Our bug bounty follows a similar approach as Ethereum Bug Bounty. The severity of the issues will be based on the OWASP risk rating model based on Impact and Likelihood.
- It is mandatory to read and follow the responsible disclosure policy available in the references. Submissions not following the disclosure policy will not be eligible for a reward.
SUBMITTING A BUG
Send an email to email@example.com including as many details as possible about the vulnerability, the components affected, the reproduction of the issue and possible fixes.