Overview
The Bonfida Bug Bounty Program is set to incentivize responsible bug disclosure by our users. This program prioritizes bugs detected in the Bonfida smart contracts and is not focused on UI bugs.
Appropriate rewards will be distributed to users detecting medium to critical severity bugs on the core contracts of Bonfida.
- 1.Loss of user funds staked
- 2.Loss/manipulation of governance funds
- Including novel governance attacks
- 3.Logic errors
- 4.Theft of unclaimed funds
- 5.Freezing unclaimed funds
- 6.Trusting trust/dependency vulnerabilities
- Including composability vulnerabilities
- 7.Oracle failure and/or manipulation
- 8.Congestion and scalability
- 9.Consensus failures
- 10.Cryptography problems
- 11.Leak and/or deletion of user data
- 12.Redirecting funds by address modification
- 13.Accessing sensitive pages without authorization
- 1.Report on third party bugs
- Any third party contract or platform that interacts with Bonfida
- Incorrect data supplied by third party oracles
- 2.Lack of liquidity
- 3.Critiques on best practices
- 4.Reporting of sybil attacks
- 5.Reports about outdated dependencies
- 6.Theoretical vulnerabilities without any proof or demonstration
- As well as vulnerabilities requiring unlikely user actions
- 7.URL Redirects (unless combined with another vulnerability to produce a more severe vulnerability)
- 8.Attacks requiring privileged access from within the organization
- 9.Feature requests do not count as bugs
- 10.Reporting phishing or other social engineering attacks against our employees and/or customers
- This includes reports on spamming
- 11.Front-end bugs