diamond logo
menu icon
close icon
twitter logo
discord logo

Bug Bounty

Unibot Contracts Bug Bounty

Our company values the security of UniBot. As part of our commitment to maintaining high security standards, we have implemented a bug bounty program to reward security researchers who discover and report security vulnerabilities in our smart contracts.

Reward

We offer a reward based on the severity of the vulnerability and affected fund. The severity is determined by our team based on the Immunefi Vulnerability Severity Classification System. The reward amount ranges from $50 to $50,000 USD.

LevelExamplesReward Amount (USD)
CriticalEmpty or freeze the contract's holdings, economic attacks, reentrancy attacksUp to 50,000
HighTheft of yield, token holders temporarily unable to transfer holdings, composability bugs that can lead to the major economic impactUp to 25,000
MediumContract out of gas, contract consumes unbounded gas, block stuffing, denial of serviceUp to 10,000
LowContract fails to deliver promised returns, but doesn't lose valueUp to 1,000
NoneNot following best practices, minor issues50

Again, it's important to note that these reward amounts are just an example and can be adjusted based on UniBot's budget and preferences. Additionally, the severity level of a vulnerability may be adjusted based on its specific impact on UniBot's smart contracts. The goal is to incentivize security researchers to report vulnerabilities in a timely and responsible manner, ultimately improving the security of UniBot's smart contracts.

Scope

The scope of our bug bounty program includes all deployed smart contracts of UniBot v2, which can be found in the UniBot v2 Smart Contracts. The following are not within the scope:

  • UniBot websites or web-based services
  • Third-party contracts
  • Issues that are already listed on the audit report

Disclosure

To report a vulnerability, please create a ticket in our Discord or Typeform . Please include a detailed description of the vulnerability, steps to reproduce, and any additional information that may be helpful in understanding the issue.

Eligibility

We have some rules for you to be eligible for a reward under this program:

  • You must be the first person to report the vulnerability.
  • You must not publicly disclose the vulnerability.
  • You must not exploit the vulnerability in any way.
  • You must provide sufficient information to enable our team to reproduce and fix the issue.

We reserve the right to make all decisions regarding rewards, including scope, eligibility criteria, reward amounts, and payment methods. We may also modify this program at any time.