Alpaca Finance
Published in

Alpaca Finance

Alpaca Finance Bug Bounty Program

Hello, my fellow Alpacas,

I have an announcement for the herd today. The security of Alpaca Finance’s systems is of the highest priority for our team. Yet, even with significant scrutiny and auditing, there’s still a possibility of vulnerabilities considering the novelty of the growing DeFi ecosystem.

That’s why on top of our own efforts and professional auditing, we’re launching a Bounty Program to identify bugs and vulnerabilities in the protocol infrastructure and smart contracts. In other words, we’ll reward you for helping us make the system as invulnerable as possible.

We kindly ask you to notify us in case you discover an issue so we can immediately take steps to address and fix it. As compensation, we’re allocating .5% of the total supply of $ALPACA tokens to successful bounty hunters, which will come from our Warchest. Please review the program terms and scope below.

Issue Severity Classification and Associated Rewards

The submitted issue needs to meet a minimum severity standard of Low as described below in order to qualify for a reward. A successfully-reviewed submission will receive a reward in BUSD tokens based on the classified severity of the issue:

Low: Up to $ 1,000 — An issue that could cause user dissatisfaction or minor technical failure.

Medium: Up to $ 5,000 — An issue that could theoretically cause a minor loss of <.1% of the protocol funds, damage the protocol state, or cause severe user dissatisfaction or moderate technical failure.

High: Up to $ 15,000 — An issue that could cause the immediate loss of protocol funds between .1%< X <10%, or severely damage the protocol state.

Critical: Up to $ 50,000 — An issue that could cause immediate loss of >10% of the protocol funds or permanently impair the protocol state.

Rules

⦁ Rewards will vary depending on the severity of the issue. In addition, you can increase the reward by providing high-quality information in the following aspects: Issue description, instructions to reproduce the issue, and a solution(optional).

⦁ If you’d like to add more information regarding the reported issue, you can create a new submission that includes a reference to the initial one.

⦁ Technical knowledge is necessary for the process.

⦁ Duplicated reports of known issues are ineligible. The first submission will get the reward. So be sure to report promptly.

⦁ Rewards will be determined on a case-by-case basis. The bug bounty program, and the terms and conditions are at the sole discretion of Alpaca Finance.

⦁ The terms and conditions of the bug bounty program may change over time.

⦁ While the issue is active, any interference with the protocol or client/platform services, whether accidental or not, will invalidate the submission from receiving a reward.

⦁ Public disclosure of a vulnerability would guarantee a submission’s disqualification. Please read and abide by the following responsible disclosure policy or your report may become ineligible for a reward.

Responsible Disclosure Policy

If you discover a vulnerability, make sure to follow all the steps below:

1. As soon as possible, write a report of the issue in as much detail and accuracy as you can, then send it to: bugreport@alpacafinance.org

2. Do not reveal any information about the issue to anyone outside the team.

3. Do not take advantage of the issue.

4. Do not attack our system or protocol.

Once we receive your report, we promise to do the following:

1. Respond to your report within 5 business days.

2. Handle your report with strict confidentiality.

3. Provide you updates regarding the progress of your submission status and the resolution of the reported issue.

4. Give you credit by naming you as the successful bounty hunter of the issue, unless you desire otherwise.

5. Offer you the proper reward as per the prior rules to thank you for helping us make Alpaca as secure as possible!

--

--

--

Alpaca Finance is a leverage yield farming protocol built on BNB Chain and Fantom. It allows yield farmers to earn higher returns by opening leveraged positions

Recommended from Medium

AlgoBlocks is now supported by Cyberport Hong Kong Incubation Programme

Introducing AntiEuler

Malware Analysis — Olympic Destroyer

Injector Walkthrough Servmor Security

Data Privacy Day 2019: Top Ten Privacy Tips

Moma Protocol : PRE-IDO Is Now Open — Check Below For Deposit Address And Instructions On How To…

Story of My First Bounty

{UPDATE} 卡车模拟器:欧洲货车司机大冒险 Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Samsara NotALlama

Samsara NotALlama

Head of Strategy and Marketing at AlpacaFinance.org

More from Medium

Beginners Guide to Deri V3 AMM Liquidity Mining

Official Mainnet Launch Date Announcement

Arable Contract Bug Bounty

Celebrating the 100,000 HODL Campaign