23 February 2021
Live since
No
KYC required
$25,000
Maximum bounty
Fuse was founded in 2019 with a mission to bring the power of mobile payments to communities around the world. With Fuse, anyone can launch and manage these new networks, empowered by simple, easy to use tools. A highly-skilled, diverse team of blockchain and web–based technology experts has been assembled in order to execute on our ambitious vision of putting truly democratized and borderless money into the hands of millions.
The bug bounty program is focused around its smart contracts used in its products, namely FuseSwap and FuseRewards, and is mostly concerned with the loss of user funds.
Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System. This is a simplified 5-level scale, with separate scales for websites/apps and smart contracts/blockchains, encompassing everything from consequence of exploitation to privilege required to likelihood of a successful exploit.
Smart Contracts and Blockchain*
Level | |
---|---|
Critical | $25,000 |
High | $10,000 |
Medium | $5,000 |
Low | $1,000 |
Payouts are handled by Fuse directly and are denominated in USD. However, payouts are done in FUSE.
*One issue we know of with WFUSE is that totalSupply is not working. So, all vulnerabilities related to that are not given a reward, as it is a known issue.
Target | Type |
---|---|
https://github.com/fuseio/fuseswap-interface http://fuseswap.com/ | Fuseswap Dapp* |
https://github.com/fuseio/fuseswap-v2-core https://github.com/fuseio/fuseswap-v2-periphery | Smart Contract (Repo) - Fuseswap Smart |
https://explorer.fuse.io/address/0xFB76e9E7d88E308aB530330eD90e84a952570319 | Smart Contract - UniswapV2Router02 |
https://explorer.fuse.io/address/0x1d1f1A7280D67246665Bb196F38553b469294f3a | Smart Contract - UniswapV2Factory |
https://github.com/fuseio/fuse-lp-rewards http://rewards.fuse.io/ | LP rewards Dapp* |
https://etherscan.io/address/0x9640B393a016ba171a15BB2E68A8B3327Ef7ee29 | Smart Contract - Fuse/ETH LP reward pair on Mainnet |
https://explorer.fuse.io/address/0x4EE7127d43B385C77308bdF9E9d59258ab11e836/contracts | Smart Contract - KNC/USDC LP reward pair on Fuse |
https://explorer.fuse.io/address/0x0BE9e53fd7EDaC9F859882AfdDa116645287C629 https://github.com/fuseio/canonical-weth | Smart Contract - WFUSE (native wrapper) |
* Web and App bug reports are accepted within the scope of this bug bounty program, but have no payout.
We are especially interested in receiving and rewarding vulnerabilities of the following types:
Smart Contracts/Blockchain:
Web/App Vulnerabilities
We accept the following website/app vulnerabilities, though there is no reward for them:
The following vulnerabilities are excluded from the rewards for this bug bounty program:
The following vulnerabilities are not sought after for website bug reports:
The following activities are prohibited by bug bounty program:
Join our whitehat community and get notified when new bounties launch on the platform