Bug Bounties

We typically conduct full unit tests with an internal audit and put mainnet smart contracts through external audits too, but you can never be too careful. That’s why we’re launching a bug bounty.

This bug bounty applies to all smart contracts used actively in live products on mainnet. All code can be found at https://github.com/ArmorFi.

The rewards are as follows:

Low — $1000

Low severity bugs affect the contract in a minimal way. A low severity bug, for example, may be the contract not applying to standards in a non-threatening way (such as there not being a total supply), or an external getter function not working correctly.

Medium — $5000

Medium severity bugs affect the contract in a minimally-harmful way. This includes bugs that lead to a small (but non-negligible) loss of funds or a loss of funds in extreme edge cases.

High — $10,000

High severity bugs are very harmful to the contract. They require the contract to be re-deployed or upgraded. An example of a high severity bug is an exploit that leads to severe loss of user funds.

Critical — up to $1,150,000----if loss is over $1M)

Critical severity bugs break the contract. They require the contract to be re-deployed or upgraded. An example of a critical severity bug is an exploit in which all user funds can be lost or an exploit that allows the contract to become completely disabled.

There is usually a description of the contract and main functions in the readme contained in the Github Repos linked to in the left panel under DEVELOPER RESOURCES.

Rewards will only be given to the bounty hunter that first submits the bug. The classification and reward given for any bug will be based on the OWASP risk rating system (above), but at the sole discretion of the token holders or Armor team.

Please contact dao@armor.fi with any reports.

Happy hunting!

Last updated