Golff Finance
Published in

Golff Finance

Golff Bug Bounty Program

Golff.Finance is committed to providing safe and reliable services to users, and the security of the system has always been a top priority for the team’s development. Although Golff has been strictly reviewed by multiple auditors, there is still the possibility of vulnerabilities considering the ever-changing nature of DeFi’s product ecology.

For the sake of Golff’s stable development and the safety of its users’ assets, Golff is now launching a bug bounty program. Through this campaign, we hope to attract more professional security researchers, software developers and white-hat hackers to participate in the program. If you find a security bug, we would be happy to work with you to resolve it quickly and offer you a reward of up to $20,000.

Scope of application of this plan

Golff Vault Related Contracts

Golff Lend Related Contracts

Golff Farm Related Contracts

Golff DAO Related Contracts

Golff Bridge Related Contracts

GOF Token Contracts:

  • GOF(ERC20): 0x488E0369f9BC5C40C002eA7c1fe4fd01A198801c
  • GOF(HECO): 0x2aafe3c9118db36a20dd4a942b6ff3e78981dce1
  • GOF(BEP20-BSC): 0x2bcF9c1861FaE2d5a7D2b3242b71e2a8d461F61e
  • Vulnerabilities in any third-party contract or platform that interacts with Golff.
  • Vulnerabilities arising from any of the following activities: front-end errors, DDoS attacks, automated tools, compromise or misuse of third-party systems or services.

Bug severity classification and rewards

Submitted vulnerabilities need to satisfy minimum severity criteria to be eligible for rewards. Successfully submitted and reviewed vulnerabilities will be rewarded with Golff tokens based on their classification and severity level.

The severity of contractual vulnerabilities will be assessed by reference to the CVSS risk rating scale, as follows:


The terms and rules of the bug bounty program may change over time.

Reports need to contain enough technical detail for the team to quickly reproduce and fix the bug.

Reported, publicly available vulnerabilities that do not meet the rules of participation are subject to the report of the first submitted bug.

Publicly disclosed vulnerabilities, or illegal gains from vulnerabilities (other than rewards under this program), do not qualify under the rules of participation.

Rewards will be determined on a case-by-case basis for different vulnerabilities. The Bug Bounty Program and the Terms and Conditions are at the sole discretion of Golff.

Submission Method

Please send reports to

No disclosure should be made to any other person, entity or email address prior to disclosure to the above email.

For valid bug reports, we will reply by email within 10 business days and will address how the reward will be issued in the email.

Other terms and conditions

All rewards will be issued in the form of GOF tokens and the final right to interpret them belongs to the Golff team.

Please read and follow the above policy carefully, otherwise your report will not be rewarded.



Golff is a one-stop crypto bank with a product format that is primarily a DeFi aggregator platform, with products such as fantastic farm, earn collection, financial enhancement insurance, and lighting lending, to provide users with more convenient decentralized financial services.
