Introducing the bZx Bug Bounty Program

Today we are happy to announce that finding vulnerabilities in the bZx protocol will result in a bug bounty being paid out. We will be using the CVSS vulnerability scoring system to assess the severity of the bugs.

Scope

Only vulnerabilities found in the smart contracts on-chain will be considered eligible for a bug bounty. Bugs in the web front-end will not be included in the scope of the program. Any vulnerabilities found should be disclosed privately at team@bzx.network. You must send an email to this address in order to be eligible for the bounty.

Payouts

Payouts will be denominated in either ETH, DAI, or USDC. We require proof of identity before issuing a payout. If you submit the bug anonymously, you will not be eligible for a payout. However, you can direct the payout to a charity of your choice.

Compensation

Note: Up to $100 USD
Low: Up to $300 USD
Medium: Up to $1,000 USD
High: Up to $3,000 USD
Critical: Up to $5,000 USD

As the platform matures, we will be increasing the compensation associated with these bounties.

Join us in our Technical Community or Telegram if you have questions or would like to chat. Our contracts can be found on Github. Documentation can be found here. Learn more about us on our website.