Bug Bounty


The Bonfida Bug Bounty Program is set to incentivize responsible bug disclosure by our users. This program prioritizes bugs detected in the Bonfida smart contracts and is not focused on UI bugs.
Appropriate rewards will be distributed to users detecting medium to critical severity bugs on the core contracts of Bonfida.
We have partnered with the leading web3 bug bounty platform, Immunefi, to host this.


The bug bounty can be found here:
This home provides the terms of use, rules, scope, rewards and disclosure policies. Please note that there are requirements to appropriately disclose bugs in order to be eligible for rewards:
  1. 1.
    Provision of KYC is required to receive a reward.
KYC information is only required on confirmation of the validity of a bug report
KYC information would include; a wallet address, proof of address & a copy of your passport
  1. 2.
    The bug bounty adheres to a policy that limits the information sharable from the bug
Make sure to read the Responsible Publication Policy to safeguard that you remain eligible for the reward
  1. 3.
    Assets determine whether the bug is in or out of scope. Please familiarize yourself with the assets and impacts in scope before reporting a bug
All code of Bonfida can be found at Documentation for the assets provided in the Immunefi doc can be found at
Unless explicitly listed, only pages of the web/app assets in addition to the direct link are considered in-scope of the bug bounty program


The safety of our products is of the utmost importance. In the instances where a critical bug was found (and appropriately disclosed), we will generously reward users with up to 100K USD worth of FIDA.
The size of the reward depends on the asset and the impact of scope. Where low & critical bugs will be rewarded differently.
Rewards vary from 1K USD to 100K USD depending on the impact of scope