🐞
Bug Bounty
The Bubbleswap team has opened a vulnerability feedback reward campaign, and you are very welcome to report vulnerabilities.
The vulnerability feedback reward campaign includes all contracts in the Bubbleswap smart contract.
We will assess the severity of vulnerabilities based on CVSS, with rewards corresponding to different severity levels.
Severity Levels | Rewards |
|---|---|
Very High (9.0-10) | $100,000 |
High (7.0-8.9) | $10,000 |
Medium (4.0-6.9) | $5,000 |
Low (0.1-3.9) | $1,000 |
In addition to differentiating rewards based on severity, we also offer different rewards based on the impact of the vulnerability and the difficulty of discovery.
Any bugs or vulnerabilities should be reported to the BubbleSwap team at [email protected], which is the only channel. Bounty hunters should not disclose to other individuals or groups until they have contacted BubbleSwap. Also, please be sure to inform the BubbleSwap team as soon as possible after discovering a vulnerability and include as much detail as possible about the vulnerability in your email, including :
- Conditions for reproducing the vulnerability
- Steps to reproduce the vulnerability
- The potential danger of the vulnerability
- A detailed vulnerability report will increase the likelihood and amount of a reward.
For users who provide a valid vulnerability report and keep it confidential, we will make a public acknowledgement with your consent.
Last modified 4mo ago