OpenLeverage Bug Bounty Program

In preparation for a mainnet launch, we have completed rigorous testing on all of our smart contracts. We’ve also open-sourced our code and engaged Certik and PeckShield to perform audits throughout our codebase.

Now, we’re excited to launch our Bug Bounty Program. We take the protocol’s security very seriously, so we are seeking help from the broader community to find bugs in OpenLeverage Protocol that escaped the previous audits, before our launch. Below is our submission process for the bug bounty program.

Scope

The bug bounty covers only the smart contracts at commit ..d44d9d on the master branch of the GitHub repository, not including the example contracts and the contracts in the test folder.

Timeline

The bug bounty is open now and will continue through the day before the official mainnet launch.

Rules

  • Vulnerabilities already disclosed in our existing audit reports are not eligible for the bug bounty.
  • Existing issues opened on the repository are not eligible for the bug bounty.
  • Non-security-related issues such as front-end bugs and gas optimization are not eligible for the bug bounty.
  • Do not publicly share the vulnerability before it has been patched.
  • When duplicates occur, we may only award the first report received.
  • Auditors paid by OpenLeverage Protocol are not eligible for the bounty.

Submission

Please submit your findings to security@openleverage.finance.

Rewards

Rewards will be based on the severity of the bug found and will be payable in USDT.

We will assign each finding a severity level, which is solely at the discretion of the OpenLeverage Protocol team. We follow the OWASP Risk Rating Methodology and estimate a bug’s severity based on the potential impact and the likelihood that an exploit will happen.

Critical: Up to 20,000 USDT

High: Up to 10,000 USDT

Medium: Up to 2,500 USDT

Low: Up to 500 USDT

Thank You

A big shout out to those participating in making OpenLeverage Protocol safer and more secure. Still have questions? Join us on Discord!
