Bug Bounty
Unibot Contracts Bug Bounty
Our company values the security of UniBot. As part of our commitment to maintaining high security standards, we have implemented a bug bounty program to reward security researchers who discover and report security vulnerabilities in our smart contracts.
Reward
We offer a reward based on the severity of the vulnerability and affected fund. The severity is determined by our team based on the Immunefi Vulnerability Severity Classification System. The reward amount ranges from $50 to $50,000 USD.
Level | Examples | Reward Amount (USD) |
---|---|---|
Critical | Empty or freeze the contract's holdings, economic attacks, reentrancy attacks | Up to 50,000 |
High | Theft of yield, token holders temporarily unable to transfer holdings, composability bugs that can lead to the major economic impact | Up to 25,000 |
Medium | Contract out of gas, contract consumes unbounded gas, block stuffing, denial of service | Up to 10,000 |
Low | Contract fails to deliver promised returns, but doesn't lose value | Up to 1,000 |
None | Not following best practices, minor issues | 50 |
Again, it's important to note that these reward amounts are just an example and can be adjusted based on UniBot's budget and preferences. Additionally, the severity level of a vulnerability may be adjusted based on its specific impact on UniBot's smart contracts. The goal is to incentivize security researchers to report vulnerabilities in a timely and responsible manner, ultimately improving the security of UniBot's smart contracts.
Scope
The scope of our bug bounty program includes all deployed smart contracts of UniBot v2, which can be found in the UniBot v2 Smart Contracts. The following are not within the scope:
- UniBot websites or web-based services
- Third-party contracts
- Issues that are already listed on the audit report
Disclosure
To report a vulnerability, please create a ticket in our Discord or Typeform . Please include a detailed description of the vulnerability, steps to reproduce, and any additional information that may be helpful in understanding the issue.
Eligibility
We have some rules for you to be eligible for a reward under this program:
- You must be the first person to report the vulnerability.
- You must not publicly disclose the vulnerability.
- You must not exploit the vulnerability in any way.
- You must provide sufficient information to enable our team to reproduce and fix the issue.