rDEX Bug Bounty Recap

3 min readFeb 22, 2022



The Bug Bounty Program for the rDEX Testnet has officially ended. In the course of this program(18/1/2022–17/2/2022), we have received some highly valuable feedback and suggestions, which would help make rDEX more perfect both in function and code. The most submitted bug reports from the community are functional optimization suggestions, not the code bugs, which also implies that the rDEX testnet contracts are immensely safe. The rDEX now provides a more user-friendly UX.

Of course, we still can not claim that the rDEX Testnet is 100% secure, without any potential security issues in the future.There still remains a possibility that few bugs couldn’t be detected through the audits by PeckShield and the community. In order to minimize the chances of this happening, we have already launched a Bug Bounty on the very famous white-hat hackers platform Immunefi on 11 February, 2022. Thus, we welcome the developers in our community to join us for this program and help StaFi to make rDEX fully secure.

Run-through the Bug Reports from Community

During the Bug Bounty Period , we have received 6 beneficial bug report emails, most of which are functional suggestions from the community and we have already communicated with them regarding the evaluation of these bugs.

Some of these bug reports were truly impressive, and we could tell that these participants have tested the rDEX thoroughly from top to the bottom, especially mentioning Anton Sotirov and Dayal KS. They even attached as many as 16 suggestions with the details on how we can optimize the rDEX. These suggestions helped the StaFi core team to better acknowledge what we had neglected on the UI/UX of rDEX in the past.

We have made a summary on all the 6 valuable Bug Reports from community as follows:

Winner Rewards

Based on the Reward Rules of rDEX Testnet Bug Bounty and also the idea to motivate more community members to join in our programs in the future, we decided to add some participation rewards along with the bug rewards for the 6 community members who contributed in this Bug Bounty Program.

The 6 Bug Bounty winners, please check your FIS address and report to us at support@stafi.io if you find that the aforementioned information is wrong.

Special Notes

Although the bug bounty program for rDEX Testnet has ended, the endeavor to make rDEX fully secure should not be concluded as of now. So the community can continue to report the potential bugs of rDEX in the future at any time, and we will continue to give you the rewards according to the Bug Bounty Rewards Rule.

About StaFi

StaFi is the first DeFi protocol unlocking liquidity of staked assets. Users can stake PoS tokens through StaFi and receive rTokens in return, which are available for trading, while still earning staking rewards. rToken is a synthetic staking derivative issued by StaFi to users when users stake PoS tokens through StaFi rToken App . rTokens are anchored to the PoS tokens staked by users and the corresponding staking rewards. rTokens can be transferred and traded at any time.

Website | rToken App | Twitter | Telegram | Discord | Forum



Editor for

StaFi_Protocol A Decentralize Protocol to Provide the liquidity of Your Staking Assets