Join the Immunefi Discord serverLet's do it
23 February 2021
Fuse was founded in 2019 with a mission to bring the power of mobile payments to communities around the world. With Fuse, anyone can launch and manage these new networks, empowered by simple, easy to use tools. A highly-skilled, diverse team of blockchain and web–based technology experts has been assembled in order to execute on our ambitious vision of putting truly democratized and borderless money into the hands of millions.
The bug bounty program is focused around its smart contracts used in its products, namely FuseSwap and FuseRewards, and is mostly concerned with the loss of user funds.
Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System. This is a simplified 5-level scale, with separate scales for websites/apps and smart contracts/blockchains, encompassing everything from consequence of exploitation to privilege required to likelihood of a successful exploit.
Smart Contracts and Blockchain*
Payouts are handled by Fuse directly and are denominated in USD. However, payouts are done in FUSE.
*One issue we know of with WFUSE is that totalSupply is not working. So, all vulnerabilities related to that are not given a reward, as it is a known issue.
|Smart Contract (Repo) - Fuseswap Smart|
|https://explorer.fuse.io/address/0xFB76e9E7d88E308aB530330eD90e84a952570319||Smart Contract - UniswapV2Router02|
|https://explorer.fuse.io/address/0x1d1f1A7280D67246665Bb196F38553b469294f3a||Smart Contract - UniswapV2Factory|
|LP rewards Dapp*|
|https://etherscan.io/address/0x9640B393a016ba171a15BB2E68A8B3327Ef7ee29||Smart Contract - Fuse/ETH LP reward pair on Mainnet|
|https://explorer.fuse.io/address/0x4EE7127d43B385C77308bdF9E9d59258ab11e836/contracts||Smart Contract - KNC/USDC LP reward pair on Fuse|
|Smart Contract - WFUSE (native wrapper)|
* Web and App bug reports are accepted within the scope of this bug bounty program, but have no payout.
We are especially interested in receiving and rewarding vulnerabilities of the following types:
We accept the following website/app vulnerabilities, though there is no reward for them:
The following vulnerabilities are excluded from the rewards for this bug bounty program:
The following vulnerabilities are not sought after for website bug reports:
The following activities are prohibited by bug bounty program:
Join our whitehat community and get notified when new bounties launch on the platform