Join the Immunefi Discord serverLet's do it
7 April 2021
The Bancor Protocol is anon-chain liquidity protocol that enables automated, decentralized exchange any smart contract-enabled blockchain. The Bancor Protocol is an open-source standard for liquidity pools, which in turn provide an endpoint for automated market-making (buying / selling tokens) against a smart contract.
The Bancor Network currently operates on the Ethereum and is designed to be interoperable across blockchains. Our implementation can be easily integrated into any application enabling value exchanges and is open-source and permissionless. Ecosystem participants are encouraged to contribute to and enhance the Bancor Protocol.
The bug bounty program is focused around their smart contracts and is mostly concerned with the loss of user funds. This program is further covered by the Armor Alliance Bug Bounty Challenge.
Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System. This is a simplified 5-level scale, with separate scales for websites/apps and smart contracts/blockchains, encompassing everything from consequence of exploitation to privilege required to likelihood of a successful exploit.
Smart Contracts and Blockchain
For any bug reports to be eligible for a reward, they must include:
Additionally, any bug reporter who reports a previously unreported bug that results in a change to the code or a configuration change and who keeps the vulnerability confidential until it has been resolved by our engineers, will be recognized publicly for their contribution, if agreed and desired by the bug reporter.
All reward decisions, including eligibility for and amounts of the rewards and the manner in which such rewards will be paid, are made at Bancor’s sole discretion.
Payouts for Low to High bug reports as well as the first USD 50 000 of Critical bug reports are handled by the Bancor core devs directly and are denominated in USD. However, payouts are done in BNT. For Critical bug reports, the remaining USD 50 000 is paid by ArmorFi under the Armor Alliance Bug Bounty Challenge in ARMOR with a vesting period of up to 24 months.
To be eligible for a reward in the Bancor Bug Bounty Program, you must:
We are especially interested in receiving and rewarding vulnerabilities of the following types:
The following vulnerabilities are excluded from the rewards for this bug bounty program:
The following activities are prohibited by bug bounty program:
Join our whitehat community and get notified when new bounties launch on the platform