Only the first person to report a bug can claim a bounty on it. You can report multiple bugs, but may not report the same bug multiple times (via splitting one up into parts).
If you report a reported bug or write a quality review up for us to read, you will also get rewarded an amount of Vybe at our discretion.
Thank you to everyone who takes a shot at it. We appreciate your discovery efforts and letting us know what you find. Any contract on our GitHub is eligible for this program! Please send all bug reports to [email protected].
Small exploits: gaming the system; applies to problems with a viable solution. Division rounding manipulation is not eligible.
Medium-sized exploits: exploits that will damage the project.
Critical exploits: If you manage to withdraw funds when you’re not supposed to be able to or have a similarly critical bug, we will award you our most generous Vybe reward.
As mentioned, when you report a bug, if you include a thorough write up you may also get additional rewards (amount at our discretion) for the insight and care! Building off a combination of your write-up, our own research, and team development spikes, we will work to resolve the issue. Upon resolution, we will have a development post-mortem. Dependent on security risk, these post-mortems will be made publicly available. At this time, no major exploits have been found.