We typically conduct full unit tests with an internal audit and put mainnet smart contracts through external audits too, but you can never be too careful. That’s why we’re launching a bug bounty.
Low severity bugs affect the contract in a minimal way. A low severity bug, for example, may be the contract not applying to standards in a non-threatening way (such as there not being a total supply), or an external getter function not working correctly.
Medium severity bugs affect the contract in a minimally-harmful way. This includes bugs that lead to a small (but non-negligible) loss of funds or a loss of funds in extreme edge cases.
High severity bugs are very harmful to the contract. They require the contract to be re-deployed or upgraded. An example of a high severity bug is an exploit that leads to severe loss of user funds.
Critical severity bugs break the contract. They require the contract to be re-deployed or upgraded. An example of a critical severity bug is an exploit in which all user funds can be lost or an exploit that allows the contract to become completely disabled.
There is usually a description of the contract and main functions in the readme contained in the Github Repos linked to in the left panel under DEVELOPER RESOURCES.
Rewards will only be given to the bounty hunter that first submits the bug. The classification and reward given for any bug will be based on the OWASP risk rating system (above), but at the sole discretion of the token holders or Armor team.