The Bonfida Bug Bounty Program is set to incentivize responsible bug disclosure by our users. This program prioritizes bugs detected in the Bonfida smart contracts and is not focused on UI bugs.
Appropriate rewards will be distributed to users detecting medium to critical severity bugs on the core contracts of Bonfida.
We have partnered with the leading web3 bug bounty platform, Immunefi, to host this.
- 1.Provision of KYC is required to receive a reward.
KYC information is only required on confirmation of the validity of a bug report
KYC information would include; a wallet address, proof of address & a copy of your passport
- 2.The bug bounty adheres to a policy that limits the information sharable from the bug
- 3.Assets determine whether the bug is in or out of scope. Please familiarize yourself with the assets and impacts in scope before reporting a bug
Unless explicitly listed, only pages of the web/app assets in addition to the direct link are considered in-scope of the bug bounty program
The safety of our products is of the utmost importance. In the instances where a critical bug was found (and appropriately disclosed), we will generously reward users with up to 100K USD worth of FIDA.
The size of the reward depends on the asset and the impact of scope. Where low & critical bugs will be rewarded differently.
Rewards vary from 1K USD to 100K USD depending on the impact of scope