Bug bounty / Coverage
Critical Level:
Up to $800,000 or 10% of the (potential) economic damage on contracts with more funds locked than 1 million USD.
The 10% rule also applies to funds already removed without authorization from respective contracts. In such cases, 90% of the funds must be immediately returned, and 10% can be kept as a Whitehat bounty reward.
The 10% rule can also be claimed as a general bug bounty on contracts above $1m TVL, by providing a PoC or by assisting the team in creating a PoC.
The 10% rule only applies for contracts that are live, and have a TVL more than $1M
High Level:
$50,000 or up to 1% of the (potential) economic damage.
The 10% rule, as outlined in the Critical Level section, also applies.
Medium Level:
USD $5,000 Payout.
Runnable PoC required.
Low Level:
USD $1,000 Payout.
Runnable PoC required.
Smart Contracts
| Level | Impact |
|---|---|
5. Critical | - Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield - Permanent freezing of funds |
4. High | - Theft of unclaimed yield - Theft of unclaimed royalties - Permanent freezing of unclaimed yield - Permanent freezing of unclaimed royalties - Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol) |
3. Medium | - Block stuffing for profit - Unbounded gas consumption - Temporary freezing of funds |
2. Low | - Contract fails to deliver promised returns, but doesn't lose value - Miner-extractable value (MEV) |
1. None | - Best practices - Smart contract unable to operate due to lack of token funds |
Payouts are handled by SYMMIO Team or DAO directly and are denominated in USDC or SYMM.
Payment in maximum 70% stable & minimum 30% native token.
Last updated
