Bug bounty / Coverage

  1. Critical Level:

    • Up to $800,000 or 10% of the (potential) economic damage on contracts with more funds locked than 1 million USD.

    • The 10% rule also applies to funds already removed without authorization from respective contracts. In such cases, 90% of the funds must be immediately returned, and 10% can be kept as a Whitehat bounty reward.

    • The 10% rule can also be claimed as a general bug bounty on contracts above $1m TVL, by providing a PoC or by assisting the team in creating a PoC.

The 10% rule only applies for contracts that are live, and have a TVL more than $1M

  1. High Level:

    • $50,000 or up to 1% of the (potential) economic damage.

    • The 10% rule, as outlined in the Critical Level section, also applies.

  2. Medium Level:

    • USD $5,000 Payout.

    • Runnable PoC required.

  3. Low Level:

    • USD $1,000 Payout.

    • Runnable PoC required.

Smart Contracts


5. Critical

- Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield - Permanent freezing of funds

4. High

- Theft of unclaimed yield - Theft of unclaimed royalties - Permanent freezing of unclaimed yield - Permanent freezing of unclaimed royalties - Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol)

3. Medium

- Block stuffing for profit - Unbounded gas consumption - Temporary freezing of funds

2. Low

- Contract fails to deliver promised returns, but doesn't lose value - Miner-extractable value (MEV)

1. None

- Best practices - Smart contract unable to operate due to lack of token funds

Payouts are handled by SYMMIO Team or DAO directly and are denominated in USDC or SYMM.

Payment in maximum 70% stable & minimum 30% native token.

Last updated


All rights to the people (c) 2023 Symmetry Labs A.G.