Alpaca Finance Bug Bounty Program

Samsara NotALlama
Mar 4 · 3 min read

Hello, my fellow Alpacas,

I have an announcement for the herd today. The security of Alpaca Finance’s systems is of the highest priority for our team. Yet, even with significant scrutiny and auditing, there’s still a possibility of vulnerabilities considering the novelty of the growing DeFi ecosystem.

That’s why on top of our own efforts and professional auditing, we’re launching a Bounty Program to identify bugs and vulnerabilities in the protocol infrastructure and smart contracts. In other words, we’ll reward you for helping us make the system as invulnerable as possible.

We kindly ask you to notify us in case you discover an issue so we can immediately take steps to address and fix it. As compensation, we’re allocating .5% of the total supply of $ALPACA tokens to successful bounty hunters, which will come from our Warchest. Please review the program terms and scope below.

Issue Severity Classification and Associated Rewards

The submitted issue needs to meet a minimum severity standard of Low as described below in order to qualify for a reward. A successfully-reviewed submission will receive a reward in BUSD tokens based on the classified severity of the issue:

Low: Up to $ 1,000 — An issue that could cause user dissatisfaction or minor technical failure.

Medium: Up to $ 5,000 — An issue that could theoretically cause a minor loss of <.1% of the protocol funds, damage the protocol state, or cause severe user dissatisfaction or moderate technical failure.

High: Up to $ 15,000 — An issue that could cause the immediate loss of protocol funds between .1%< X <10%, or severely damage the protocol state.

Critical: Up to $ 50,000 — An issue that could cause immediate loss of >10% of the protocol funds or permanently impair the protocol state.

Rules

⦁ Rewards will vary depending on the severity of the issue. In addition, you can increase the reward by providing high-quality information in the following aspects: Issue description, instructions to reproduce the issue, and a solution(optional).

⦁ If you’d like to add more information regarding the reported issue, you can create a new submission that includes a reference to the initial one.

⦁ Technical knowledge is necessary for the process.

⦁ Duplicated reports of known issues are ineligible. The first submission will get the reward. So be sure to report promptly.

⦁ Rewards will be determined on a case-by-case basis. The bug bounty program, and the terms and conditions are at the sole discretion of Alpaca Finance.

⦁ The terms and conditions of the bug bounty program may change over time.

⦁ While the issue is active, any interference with the protocol or client/platform services, whether accidental or not, will invalidate the submission from receiving a reward.

⦁ Public disclosure of a vulnerability would guarantee a submission’s disqualification. Please read and abide by the following responsible disclosure policy or your report may become ineligible for a reward.

Responsible Disclosure Policy

If you discover a vulnerability, make sure to follow all the steps below:

1. As soon as possible, write a report of the issue in as much detail and accuracy as you can, then send it to: bugreport@alpacafinance.org

2. Do not reveal any information about the issue to anyone outside the team.

3. Do not take advantage of the issue.

4. Do not attack our system or protocol.

Once we receive your report, we promise to do the following:

1. Respond to your report within 5 business days.

2. Handle your report with strict confidentiality.

3. Provide you updates regarding the progress of your submission status and the resolution of the reported issue.

4. Give you credit by naming you as the successful bounty hunter of the issue, unless you desire otherwise.

5. Offer you the proper reward as per the prior rules to thank you for helping us make Alpaca as secure as possible!

Alpaca Finance

Leveraged yield farming made-simple on Binance Smart Chain

Alpaca Finance

Alpaca Finance is a leverage yield farming protocol built on the Binance Smart Chain. It allows yield farmers to earn higher returns by opening leveraged positions

Samsara NotALlama

Written by

Head of Strategy and Marketing at AlpacaFinance.org, Core Team at Wault.Finance

Alpaca Finance

Alpaca Finance is a leverage yield farming protocol built on the Binance Smart Chain. It allows yield farmers to earn higher returns by opening leveraged positions

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store