Bug Bounty

We’re announcing a bug bounty program. If you see an exploit in one of our contracts, report it and we will reward you with Vybe.

Only the first person to report a bug can claim a bounty on it. You can report multiple bugs, but may not report the same bug multiple times (via splitting one up into parts).

If you report a reported bug or write a quality review up for us to read, you will also get rewarded an amount of Vybe at our discretion.

Thank you to everyone who takes a shot at it. We appreciate your discovery efforts and letting us know what you find. Any contract on our GitHub is eligible for this program! Please send all bug reports to [email protected].

Exploit Levels

Small Exploits

100-500 Vybe

Small exploits: gaming the system; applies to problems with a viable solution. Division rounding manipulation is not eligible.

Medium Exploits

2000-3000 Vybe

Medium-sized exploits: exploits that will damage the project.

Critical Exploits

5000 Vybe

Critical exploits: If you manage to withdraw funds when you’re not supposed to be able to or have a similarly critical bug, we will award you our most generous Vybe reward.

Response

As mentioned, when you report a bug, if you include a thorough write up you may also get additional rewards (amount at our discretion) for the insight and care! Building off a combination of your write-up, our own research, and team development spikes, we will work to resolve the issue. Upon resolution, we will have a development post-mortem. Dependent on security risk, these post-mortems will be made publicly available. At this time, no major exploits have been found.