We have a Bug & Code Bounty in partnership with Immunifi here
This has Ended Now
- Maximum Bounty: $150,000
- Payout asset: USDT
- KYC: No KYC required
Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System V2.2. This is a simplified 5-level scale, with separate scales for websites/apps, smart contracts, and blockchains/DLTs, focusing on the impact of the vulnerability reported.
All web/app bug reports must come with a PoC with an end-effect impacting an asset-in-scope in order to be considered for a reward. All Medium, High and Critical Smart Contract bug reports require a PoC to be eligible for a reward. Explanations and statements are not accepted as PoC and code is required.
Critical smart contract vulnerabilities are capped at 10% of economic damage, primarily taking into consideration funds at risk, but also PR and branding aspects, at the discretion of the team. However, there is a minimum reward of USD 15 000.
The following vulnerabilities are not eligible for a reward:
- MEV and sandwich attacks that involve Curve and Uniswap
- All vulnerabilities marked in the Halborn security review 1 are not eligible for a reward
- All vulnerabilities marked in the Halborn security review 2 are not eligible for a reward
- All vulnerabilities marked in the Halborn security review 3 are not eligible for a reward
Payouts are handled by the Archimedes team directly and are denominated in USD. However, payouts are done in USDC.