

LeverFi Guardian Program: Securing Platform TVL

Along with the security audits by Peckshield and Beosin, we are excited to launch the LeverFi Bug Bounty Program as the third layer of checks and verifications as we near the public platform release.

As a DeFi protocol, we regard the security of user assets as the first and foremost priority when developing the smart contracts. To enhance security, we are opening the smart contracts for public review by developers from all over the world.

What is the LeverFi Guardian Program?

The Guardian Program is a public bug bounty program and an open invitation to developers from anywhere in the world to help LeverFi review its code, increase the security level of the protocol smart contracts, and earn attractive bounties in the process.

In this program, LeverFi will provide access to its GitHub codebase, which can be reviewed and tested by developers worldwide, thus maximizing security and resilience before LeverFi officially launches on mainnet.

A testnet version complete with UI will also be deployed by next week.

How Can Developers Review the LeverFi Code?

All released source code is available on LeverFi’s Github page:

Developers who wish to review the code may request GitHub access via GitHub or contact us directly at security@leverfi.io. Developer accounts need past GitHub commits to receive access.

From a security perspective, we invite developers to assess, identify and give us suggestions on any of the following:

1. General Security

  • Flaws in administration security
  • Flaws in platform functions
  • Flaws in security design

2. Economic Design

  • Ledger accounting and settlements integrity
  • Non-code exploitation of economic design
  • Flaws in financial math and formulas used

3. Security of Smart Contracts

  • Security of smart contract management
  • Security of transaction processing
  • Security against oracle manipulation
  • Security against fund drain attacks

4. Platform Improvements

  • Improvements to gas efficiencies
  • Reduction in failed transactions
  • Improvements to transaction routing
  • Improvements to financial logic

Risk Levels And Ranges of Bounties

Risk levels will be divided broadly into 4 categories based on severity and potential loss. Bounty rewards will be linked to these risk levels as follows:

Lvl 1 Risk — A Bounty: 30,000,000–50,000,000 LEVER

  • Potential systematic flaws, including access to server, access to website administration, transaction/oracle manipulations, fund drain attacks, flaws in accounting ledger code, etc., resulting in substantial (>50%) asset loss.

Lvl 2 Risk — B Bounty: 10,000,000–30,000,000 LEVER

  • Potential systematic flaws, including access to server, access to website administration, transaction/oracle manipulations, fund drain attacks, flaws in accounting ledger, etc., resulting in partial (10–50%) asset loss.

Lvl 3 Risk — C Bounty: 5,000,000–10,000,000 LEVER

  • Potential code issues, transaction/oracle manipulations, fund drain attacks, flaws in financial logic, etc., resulting in minor (<10%) asset loss.

Lvl 4 Risk — D Bounty: 1,000,000–5,000,000 LEVER

  • Non-exploitable transaction failure issues, optimization improvements that increase the speed and efficiency of transactions, etc., that do not result in any asset loss but improve the protocol design if implemented.

How to Report Detected Bugs

As security is a sensitive issue, we encourage users not to submit public issues regarding the security of the blockchain.

We encourage you to use your own discretion: if you feel the issue is not something the public can easily exploit, feel free to create an issue in the repo on the LeverFi GitHub. If the issue presents a critical exploit, please email us instead at security@leverfi.io.

Rules of the Guardian Program

  • The Guardian Program is limited to the latest version of code.
  • Problems caused by the same source should be considered as one bug.
  • When multiple reports cover the same bug, only the first reporter, based on timestamp, will be rewarded.
  • LeverFi is responsible for publishing its improvements within 2 weeks after a bug is detected.
  • Only when the process of “Bug submission — Project verification — Improvements” is completed can a contributor receive the bounties.
  • Any malicious attempt to generate exploits, phish, steal user data, make unauthorized code changes or abuse intellectual property in the guise of code review will be investigated by LeverFi.
  • LeverFi reserves the right of final interpretation.

The Future is LeverFi

We put great emphasis on platform security, so we invite developers everywhere to help guide that. We are excited to have you on board for our journey!

LeverFi is a game-changer in the leveraged trading space. We cannot wait to hear what you think of LeverFi, so keep engaging with us!
