The scope of the bug bounty is limited to contracts located within the AirSwap Protocols repository that have been deployed onto mainnet. Latest mainnet deploys for the following are at this commit hash.
Swap: Atomic Swap Between Tokens
Indexer: Counterparty Discovery with Staking
Index: Ordered List of Locators
DelegateFactory: Deploys New Delegates
Delegate: Onchain Trading Delegate
Types: Types and Hashes
Wrapper: Use ether for WETH trades
The value of rewards will vary depending on severity as judged by the AirSwap team. Severity is determined according to the OWASP risk rating model based on Impact and Likelihood, as employed in the Ethereum bug bounty campaign.
- Low: Up to 250 DAI
- Medium: Up to 500 DAI
- High: Up to 2,000 DAI
- Critical: Up to 20,000 DAI
A few friendly rules
- Bounties go to the first to report via email to firstname.lastname@example.org.
- Don’t steal or attempt to steal others funds.
- Don’t publicly disclose a bug before it has been fixed.
- Paid auditors of this code are not eligible for rewards.
- Issues that are mentioned in the security audits are not eligible. See the most recent security audit on GitHub.
- Issues that are mentioned in individual security reports (for example Swap) are not eligible.
- Non-security critical issues (e.g. style or gas optimizations) are ineligible.
- Determinations of eligibility, score and all terms related to an award are at the sole and final discretion of the AirSwap team.
Submitting a bug report
More about AirSwap
- Subscribe to the Fluidity Blog
- Request and upvote new features on AirSwap
- Catch up on AirSwap product updates
- Follow AirSwap on Facebook, Twitter, LinkedIn, Instagram, and YouTube
- Visit our AirSwap Developer Tools for the latest AirSwap tutorials, docs, and updates
- Join us on our Discord and Telegram
- Subscribe to AirSwap’s subreddit