Workers Auto Approve
Bancor V2 Bug Bounty - Up to $54K in awards
Solidity, defi, bug, bounty, bancor, v2, amm, liquidity, pools
- As the launch of version 2 of the Bancor Protocol approaches, we are announcing the Bancor V2 Bug Bounty.
- This public bounty program supports the ongoing professional audits and formal verification of Bancor V2 contracts.
- Awards for bugs discovered in the first two weeks of this program (July 16-July 30, 2020) will receive a 20% bonus.
**Submit a report to: email@example.com.**
Join the Bancor Developers Telegram Channel: https://t.me/bancordevelopers
_TestNet deployments of the Bancor Ropsten contracts will be deployed in the coming days._
The Bancor V2 Bug Bounty is limited to vulnerabilities affecting the Bancor Protocol smart contracts in this repository.
The following are not within the scope of the bounty program:
- Bugs in any third party contract or platform that interacts with Bancor V2
- Any previously reported or known bugs
- Vulnerabilities already reported and/or discovered in contracts built by third parties on Bancor V2
The severity of bugs will be assessed under the [CVSS Risk Rating](https://www.first.org/cvss/calculator/3.0).
Awards for bugs discovered July 16–30 2020:
- Critical (9.0–10.0): Up to $54,000
- High (7.0–8.9): Up to $14,400
- Medium (4.0–6.9): Up to $4,800
- Low (0.1–3.9): Up to $1,800
Awards for bugs discovered after 12:00AM GMT July 30 2020:
- Critical (9.0–10.0): Up to $45,000
- High (7.0–8.9): Up to $12,000
- Medium (4.0–6.9): Up to $4,000
- Low (0.1–3.9): Up to $1,500
Rewards will be determined based on the impact of the discovered vulnerability as well as the level of difficulty in reproducing the vulnerability.
### Disclosure Requirements
Any vulnerability or bug discovered must be reported only to the following email: firstname.lastname@example.org. The bug must not be disclosed publicly or to any other person, entity or email address other than email@example.com.
Please include as much detail about the vulnerability as possible including:
- Conditions on which reproducing the bug is contingent.
- Steps needed to reproduce the bug or, preferably, a proof of concept.
- Implications of the vulnerability being abused.
Any bug reporter who reports a previously unreported bug that results in a change to the code or a configuration change and who keeps the vulnerability confidential until it has been resolved by our engineers will be recognized publicly for their contribution, if agreed.
To be eligible for a reward in the Bancor V2 Bug Bounty, you must:
- Discover a previously unreported, non-public vulnerability that would result in a loss of or a lock of any token on Bancor V2 (but not on any third party platform interacting with Bancor V2) and that is within the Scope mentioned above.
- Be the first to disclose the unique vulnerability to firstname.lastname@example.org, in compliance with the Disclosure Requirements above.
- Provide sufficient information to enable our engineers to reproduce and fix the vulnerability.
- Not exploit the vulnerability in any way, including through making it public or by obtaining a profit (other than a reward under the Bug Bounty).
- Make a good faith effort to avoid privacy violations, destruction of data, interruption or degradation of Bancor V2.
- Not submit a vulnerability caused by an underlying issue that is the same as an issue on which a reward has been paid under the bounty program.
- Not be one of our current or former employees, vendors, or contractors or an employee of any of those vendors or contractors.
### Other Terms
All reward decisions, including eligibility for and amounts of the rewards and the manner in which such rewards will be paid, are made at our sole discretion.
The terms and conditions of the Bancor V2 Bug Bounty may be altered at any time.
Setup your profile
Tell us a little about you:
No results found for
Type to search skills..
Required [[totalcharacter]] / 240
Are you currently looking for work?
[[ option.string ]]
Setup your profile
Our tools are based on the principles of earn (💰), learn (📖), and meet (💬).
Select the ones you are interested in. You can change it later in your settings.
I'm also an organization manager looking for a great community.
Enable your organization profile
Gitcoin products can help grow community around your brand. Create your tribe, events, and incentivize your community with bounties. Announce new and upcoming events using townsquare. Find top-quality hackers and fund them to work with you on a grant.
These are the organizations you own. If you don't see your organization here please be sure that information is public on your GitHub profile. Gitcoin will sync this information for you.
Select the products you are interested in:
Out of the box you will receive Tribes Lite for your organization. Please provide us with a contact email: