If you report security issues within our backend, smart contracts, and operations, we offer a security bounty program. To be eligible for a bounty, be sure to follow these requirements:
Make sure you can describe the security issue you found in a concise and reproducible way.
Contact us first. If you use or publish the vulnerability you will not be eligible for a bounty payout. Our contact address is firstname.lastname@example.org.
Give us time to assess and address the issue. Sometimes behaviour can be perceived as security issue.
We will grade severity of reported issues and use the CVSS scale as a guideline. The ultimate decision about the severity we consider to be achieved remains in our discretion.
Payouts will be conducted in an established ERC20 stablecoin like USDC. Please make sure to be able to receive ERC20 tokens.