🐞Bug Bounty

The Bubbleswap team has opened a vulnerability feedback reward campaign, and you are very welcome to report vulnerabilities.

Scope

The vulnerability feedback reward campaign includes all contracts in the Bubbleswap smart contract.

Rewards

We will assess the severity of vulnerabilities based on CVSS, with rewards corresponding to different severity levels.

Severity LevelsRewards

Very High (9.0-10)

$100,000

High (7.0-8.9)

$10,000

Medium (4.0-6.9)

$5,000

Low (0.1-3.9)

$1,000

In addition to differentiating rewards based on severity, we also offer different rewards based on the impact of the vulnerability and the difficulty of discovery.

Information Notice

Any bugs or vulnerabilities should be reported to the BubbleSwap team at contact@bubbleswap.co, which is the only channel. Bounty hunters should not disclose to other individuals or groups until they have contacted BubbleSwap. Also, please be sure to inform the BubbleSwap team as soon as possible after discovering a vulnerability and include as much detail as possible about the vulnerability in your email, including :

  • Conditions for reproducing the vulnerability

  • Steps to reproduce the vulnerability

  • The potential danger of the vulnerability

  • A detailed vulnerability report will increase the likelihood and amount of a reward.

For users who provide a valid vulnerability report and keep it confidential, we will make a public acknowledgement with your consent.

Last updated