Published in


StakingDerivative for ETH2.0 is live on Testnet, join rETH bug bounty and win FIS reward


After pulling many all-nighters, the StaFi team has finally developed rETH, a solution to the liquidity of ETH2.0 staking, with the help of community contributors. Once accessible, Stakers will be able to Stake freely in the ETH2.0 ecosystem. More importantly, the minimum Staking amount will be lowered to 0.01 ETH instead of the 32 ETH required by ETH. The rETH a user obtains after Staking can circulate, and he or she can virtually enjoy the real decentralized Liquidity Staking.

On the other hand, any validator can deposit 8ETH in the StaFi rETH contract in order to run a node in the ETH 1.0 Deposit contract. This is because a validator’s deposit will be combined with another 24ETH from StaFi users’ funds. The above validator will virtually become an Original Validator of rETH, enjoying staking rewards that are much higher than that of self-operating nodes.

StaFi hereby announces with excitement that the rETH Open Beta is officially live to the community from today: We welcome any Staker or Validator participating in the testing of the rETH product, and for that, we have prepared incentives as well as considerable bounty rewards for any Staker and Validator who finds bugs and vulnerabilities.

For a detailed introduction to the rETH solution, please check:


Security Audit

The contract of rETH contract will be formally submitted to a third-party auditing agency this week. At the same time, the Open Beta of Bug Bounty will be accessible by the StaFi community. Submission of any Bug you find during the experience will be eligible to win up to $25,000 as reward. When all tests and the audit phase are over, we will officially release rETH.

Function test stimulus

1. Period

Start from: December 18, 2020, 21:00 (UTC+8)

End at: January 7, 2021, 21:00 (UTC+8)

2. Related document:

3. User testing task and incentives

Task: Stake 5 times, 10 ETH each time.

Incentives:The first 200 participants who complete the task will win 10 FIS (ERC20 FIS). Be sure to memorize the test address which will be used to receive the reward.

When you complete the task, please:

1)Forward the related Tweet from StaFi official Twitter account ( with the screenshot of your Staking operations, Staking ETH address (the same as the address in the screenshot).

2)At the same time, please @ three of your friends in the crypto community.

4. Validator task and incentives

Task: Run the validator node through rEth and obtain more than 0.02 ETH on the Eth 2.0 testnet.

Incentives: The top 100 validators who complete the above task will win 200 FIS (ERC20 FIS). Be sure to memorize the test address which will be used to receive the reward.

Before starting the task, you need to join the StaFi validator test group: .

When the test is completed, Please:

1) Send the deposit ETH address, the pubkey(as shown in the figure below) in the deposit_data*.json file, and @Telegram ID@ sara8721 in the telegram group.

2) Forward the related Tweet from StaFi official Twitter account ( with the screenshot of your staking dashboard, deposit ETH address, the pubkey (as shown in the figure below) in the deposit_data*.json file;

3) At the same time, please @ three of your friends in the crypto community.

For any bug, vulnerability, or details that might need optimization, you are welcome to report through the same channel as that of bug submission. (see below article).

Code vulnerability testing incentives

1. Test content


  • Critical: Abnormal function, ineffective function, or security breach, etc.;
  • Moderate: Defects that do not affect the function, non-security issues, such as the room for optimization, performance improvement, etc.;
  • Low: Unimportant issues, some minor issues that can be modified during updates, such as modifying text or notes.

Outside the scope of the bounty program

  • Repeated reports on security issues, including security issues that have been confirmed by the StaFi team;
  • Theoretical security issues without pragmatic application scenarios, or issues that require complex user-interactions.


1 It must be a newly discovered bug(s) that has/have not been reported before

2 The bug(s) found must be related to security issues in StaFi GitHub page code, but not other third-party code;

3 Have not written any codes of StaFi around the bug(s), and have not participated in any process that generated the bug(s) of StaFi in other ways;

4 Public disclosure will make you lose your bounty;

5 The StaFi team reserves the right to make the final decision on eligibility for the event and all rewards.

4.Bounty rules

The bounty will be issued in the form of FIS, and the amount will depend on the severity of the bugs found.

In addition to severity, the bounty amount will be determined (but not limited to) by other factors including:

  • The accuracy and details of the bug description;
  • The quality of reproducibility, such as test code, scripts, and detailed instructions.

5.Submission Method

When you find bug(s), please send a report to: Please attach your name, email, company name (optional), description of the bug(s), your opinion on what is the potential impact of that bug on StaFi rBridge, and how you discovered that bug.

6. FAQ

1. What should I do if I submit a bug but do not hear a reply?

Before publicly publishing the bug(s) you found, we need some time to review and confirm them, and will reply to you as soon as possible. If you haven’t received a reply two weeks after submission, you can send an email to us at:

2. In what form is the bounty issued?

The bounty is issued in the form of FIS.

If you have more questions, please send an email to us:

About StaFi Protocol

StaFi is the first DeFi protocol unlocking liquidity of staked assets. Users can stake PoS tokens through StaFi and receive rTokens in return, which are available for trading, while still earning staking rewards. FIS is the native token on StaFi Chain. FIS is required to provide security to the network by staking, pay for transaction fees on the StaFi chain, and mint & redeem rTokens.

Telegram Chat:
Telegram Announcements:



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store



StaFi_Protocol A Decentralize Protocol to Provide the liquidity of Your Staking Assets