OpenLeverage Bug Bounty Program
In preparation for a mainnet launch, we have completed rigorous testing on all of our smart contracts. We’ve also open-sourced our code and engaged Certik and PeckShield to perform audits throughout our codebase.
Now, we’re excited to launch our Bug Bounty Program. We take the protocol’s security very seriously. Thus we’re continuously seeking help from the broader community to find bugs that have escaped the previous audits in OpenLeverage Protocol before our launch. Below is our submission process for the bug bounty program.
The bug bounty is now on and will continue through the day before the mainnet official launch.
- Vulnerabilities that have been revealed from our existing audit reports are not eligible for the bug bounty.
- Existing issues opened on the repository are not eligible for the bug bounty.
- Non-security-related issues such as front-end bugs and gas optimization are not eligible for the bug bounty.
- Do not publicly share the vulnerability before it has been patched
- When duplicates occur, we may only award the first report received
- Paid auditors by OpenLeverage protocol are not eligible for the bounty
Please submit your findings to email@example.com.
Rewards will be based on the severity of the bug found, and the rewards will be payable in USDT.
We will categorize each finding with the level of severity, which is solely at the discretion of the OpenLeverage Protocol team. We follow OWASP risk rating methodology and estimate a bug’s severity based on the potential impact and the likelihood an exploit will happen.
Critical: Up to 20,000 USDT
High: Up to 10,000 USDT
Medium: Up to 2,500 USDT
Low: Up to 500 USDT
A big shout out to those participating in making OpenLeverage Protocol safer and more secure. Still have questions? Join us on Discord!