Join the Immunefi Discord serverLet's do it
5 January 2020
Perpetual protocol, formerly known as Strike, was created in 2019 inspired by emerging DeFi protocols such as Synthetix and Uniswap. The team sought to combine the merits of these protocols to create a decentralized perpetual contract trading protocol on Ethereum. The protocol is capable of supporting 20x leverage, short positions, and lower slippage compared to other AMMs thanks to its virtual AMM (vAMM) design.
Unlike well known Automated Market Makers used for both token swaps and price discovery, the vAMM is solely used for price discovery to handle leverage and short positions. Similar to Uniswap, traders can trade with the vAMM without central authorities and is designed to be market neutral and fully collateralized.
PERP is the protocol’s ERC-20 native token. PERP tokens allow community members to govern the protocol and stake their tokens for a fixed amount of time to the Staking Pool. In return, holders are rewarded with the staking incentive, which includes rewards in PERP and transaction fees.
Further resources regarding Perpetual can be found on their website, https://docs.perp.fi/.
The bug bounty program is focused around its smart contracts and is mostly concerned with the loss of user funds. The program is further covered by the Armor Alliance Bug Bounty Challenge.
Verification of Perpetual Protocol’s bug bounty program on Immunefi is available at https://twitter.com/perpprotocol/status/1347001656404103168
Rewards are distributed according to the exploitability level of the vulnerability and its impact based on the Immunefi Vulnerability Severity Classification System. The listed rewards represent the maximum that will be paid out for a security bug reporting.
|Critical*||See below for more information|
|High||USD $5,000 - USD $9,999|
|Medium||USD $1,000 - USD $4,999|
|Low||Up to USD $999|
*The maximum payout for a “Critical” bounty is 10% of the total value locked in the “Clearing House” contract, currently estimated at a maximum base payout of USD 290 000, but with a minimum payout of USD 10 000. This page will update periodically to reflect changes in TVL. Click here to view the most up-to-date balance. In addition to this, for payments greater than or equal to USD 50 000, ArmorFi will match the reward 1:1 in ARMOR up to the base payout amount of USD 250 000 with up to 24 months in vesting under the Armor Alliance Bug Bounty Challenge. With the current estimated maximum base payout, the estimated total maximum payout is USD 540 000.
Base payouts are handled by the Perpetual team directly and are denominated in USD. However, payouts are done in PERP. For the ARMOR rewards from the Armor Alliance Bug Bounty Challenge, it is paid by the ArmorFi team.
|https://github.com/perpetual-protocol/perpetual-protocol/blob/master/src/bridge/ethereum/RootBridge.sol||Smart contract - RootBridge|
|https://github.com/perpetual-protocol/perpetual-protocol/blob/master/src/ChainlinkL1.sol||Smart contract - ChainlinkL1|
|https://github.com/perpetual-protocol/perpetual-protocol/blob/master/src/MetaTxGateway.sol||Smart contract - MetaTxGateway|
|https://github.com/perpetual-protocol/perpetual-protocol/blob/master/src/bridge/xDai/ClientBridge.sol||Smart contract - ClientBridge|
|https://github.com/perpetual-protocol/perpetual-protocol/blob/master/src/InsuranceFund.sol||Smart contract - InsuranceFund|
|https://github.com/perpetual-protocol/perpetual-protocol/blob/master/src/L2PriceFeed.sol||Smart contract - L2PriceFeed|
|https://github.com/perpetual-protocol/perpetual-protocol/blob/master/src/ClearingHouse.sol||Smart contract - ClearingHouse|
|https://github.com/perpetual-protocol/perpetual-protocol/blob/master/src/Amm.sol||Smart contract - Amm|
|https://github.com/perpetual-protocol/perpetual-protocol/blob/master/src/ClearingHouseViewer.sol||Smart contract - ClearingHouseViewer|
|https://github.com/perpetual-protocol/perpetual-protocol/blob/master/src/AmmReader.sol||Smart contract - AmmReader|
Perpetual is especially interested in receiving and rewarding vulnerabilities of the following types:
Additionally, Perpetual seeks reports of the following Immunefi Common Vulnerabilities.
The following Immunefi Commonly Excluded Vulnerabilities are excluded from the Perpetual bug bounty program.
See the Immunefi Standard Rules
Join our whitehat community and get notified when new bounties launch on the platform