Mushrooms Finance
14 December 2020
Live since
No
KYC required
$10,000
Maximum bounty
Program Overview
Mushrooms Finance is yet another crypto earning vault with a focus on seeking sustainable profit in the DeFi universe. The first version of the Mushrooms Finance smart contracts were created out of inspiration from popular DeFi projects like Yearn Finance (YFI) and Sushiswap, among many others.
Verification
Verification of Mushrooms Finance’s bug bounty program on Immunefi is available at https://github.com/mushroomsforest/deployment/blob/main/security.md
Rewards by Threat Level
Rewards are distributed according to the exploitability level of the vulnerability and its impact based on the Immunefi Vulnerability Severity Classification System.
| Level | |
|---|---|
| Critical - Empty or freeze the contract’s holdings | $4,000 - $10,000 |
| High - Token holders temporarily unable to transfer holdings | $800 - $4,000 |
| Medium - Denial of Service (e.g. unbounded gas, block stuffing) | $200 - $800 |
| Low - Contract fails to deliver promised returns (e.g. high-level economic errors) | $50 - $200 |
| None - N/A | $0 |
The rewards represent the maximum that will be paid out for a security bug reporting.
Payouts are handled by Mushrooms Finance directly. Payouts are denominated and are paid out in USDC:
Rules
- The bug MUST NOT have been previously publicly disclosed.
- Vulnerabilities that have been previously submitted by other contributors or that are already known by the Mushrooms Finance team are not eligible for rewards.
- Bugs must be reproducible. Reproduction will be done on a local testnet or in some rare case on the Ethereum mainnet.
- Rewards and the validity of bugs are determined by Mushrooms Finance team. Any payouts are made at their sole discretion.
- The terms and conditions of the Bug Bounty program may be changed at any time at the sole discretion of Mushrooms Finance team.
- The details of any valid bugs may be shared with complementary protocols utilized in Mushrooms Finance’s contracts for the overall benefit of broader community.
Assets in Scope
| Target | Type |
|---|---|
| https://github.com/mushroomsforest/deployment | Deployed smart contracts |
| https://mushrooms.finance | Frontend |
For other artifacts outside of those mentioned above, please do reach out to the Mushrooms Finance core dev team for clarification on a case by case base.
Reporting Sharing
In the event that Mushrooms Finance becomes aware of security issues affecting other projects that do not affect Mushrooms Finance, we may inform those projects of those security issues, on a best-effort basis.
In the case where Mushrooms Finance fixes a security issue that also affects other partners and/or well-known projects, Mushrooms Finance’s intention is to engage in responsible reporting with them as described in this security standard.
Want to help us protect crypto from hacks?
Join our whitehat community and get notified when new bounties launch on the platform