8 January 2021
Live since
No
KYC required
$500,000
Maximum bounty
Badger DAO builds applications to help bring Bitcoin to DeFi.
Verification of Badger DAO’s bug bounty program on Immunefi is available at https://badger-finance.gitbook.io/badger-finance/bug-bounty
Rewards are distributed according to the exploitability level of the vulnerability and its impact based on the Immunefi Vulnerability Severity Classification System.
All bounties are capped at a maximum of 10% of the funds potentially affected.
Level | |
---|---|
Critical - Empty or freeze the contract’s holdings | Up to $500,000 |
High - Token holders temporarily unable to transfer holdings | Up to $5,000 |
Medium - Denial of Service (e.g. unbounded gas, block stuffing) | Up to $500 |
Low - Contract fails to deliver promised returns (e.g. high-level economic errors) | Up to $250 |
None - N/A | $0 |
Payouts are handled by Badger directly. Payouts are denominated in USD and are paid out in the reporter’s choice of:
We are especially interested in receiving and rewarding vulnerabilities of the following types:
The following vulnerabilities are not eligible for bounties under this program:
Additionally, Badger’s website hosted at https://badger.finance/ and the infrastructure that hosts that site are excluded from this bug bounty program. Reports of web vulnerabilities that do not impact Badger’s Web3 smart contract interface will not receive a payout under this program. Web vulnerabilities that are claimed to impact Badger’s Web3 smart contract interface must be accompanied by a proof-of-concept exploit. Web vulnerabilities may be included in future versions of this program; watch this page for updates.
The following actions and behaviors are prohibited. Doing so will prevent collection of a bounty and may result in prosecution:
Join our whitehat community and get notified when new bounties launch on the platform