The scope of the bug bounty is limited to contracts located within the AirSwap Protocols repository that have been deployed onto mainnet. Latest mainnet deploys for the following are at this commit hash.
Swap: Atomic Swap Between Tokens
Indexer: Counterparty Discovery with Staking
Index: Ordered List of Locators
DelegateFactory: Deploys New Delegates
Delegate: Onchain Trading Delegate
Types: Types and Hashes
Wrapper: Use ether for WETH trades
The value of rewards will vary depending on severity as judged by the AirSwap team. Severity is determined according to the OWASP risk rating model based on Impact and Likelihood, as employed in the Ethereum bug bounty campaign.
- Low: Up to 250 DAI
- Medium: Up to 500 DAI
- High: Up to 2,000 DAI
- Critical: Up to 20,000 DAI
A few friendly rules
- Bounties go to the first to report via email to email@example.com.
- Don’t steal or attempt to steal others funds.
- Don’t publicly disclose a bug before it has been fixed.
- Paid auditors of this code are not eligible for rewards.
- Issues that are mentioned in the security audits are not eligible. See the most recent security audit on GitHub.
- Issues that are mentioned in individual security reports (for example Swap) are not eligible.
- Non-security critical issues (e.g. style or gas optimizations) are ineligible.
- Determinations of eligibility, score and all terms related to an award are at the sole and final discretion of the AirSwap team.
Submitting a bug report
AirSwap enables peer-to-peer trading on the Ethereum blockchain. Built on a decentralized protocol, traders can add or remove liquidity through a suite of trustless products that are easy to use and free. Our mission is to empower the world with frictionless trade.