Comment on page

Bug bounty / Coverage

1.Critical Level:
Up to $100,000 or 10% of the (potential) economic damage on contracts with more funds locked than 1 million USD.
The 10% rule also applies to funds already removed without authorization from respective contracts. In such cases, 90% of the funds must be immediately returned, and 10% can be kept as a Whitehat bounty reward.
The 10% rule can also be claimed as a general bug bounty on contracts above $1m TVL, by providing a PoC or by assisting the team in creating a PoC.
​
The 10% rule only applies for contracts that are live, and have a TVL more than $1M


1.High Level:
$50,000 or up to 10% of the (potential) economic damage.
The 10% rule, as outlined in the Critical Level section, also applies.
2.Medium Level:
USD $5,000 Payout.
Runnable PoC required.
3.Low Level:
USD $1,000 Payout.
Runnable PoC required.
​
Smart Contracts
Level
Impact
5. Critical
- Any governance voting result manipulation
- Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield
- Direct theft of any user NFTs, whether at-rest or in-motion, other than unclaimed royalties
- Permanent freezing of funds
- Permanent freezing of NFTs
- Miner-extractable value (MEV)
- Unauthorized minting of NFTs
- Predictable or manipulable RNG that results in abuse of the principal or NFT
- Unintended alteration of what the NFT represents (e.g. token URI, payload, artistic content)
- Protocol insolvency

4. High
- Theft of unclaimed yield
- Theft of unclaimed royalties
- Permanent freezing of unclaimed yield
- Permanent freezing of unclaimed royalties
- Temporary freezing of funds
- Temporary freezing NFTs

3. Medium
- Smart contract unable to operate due to lack of token funds
- Block stuffing for profit
- Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol)
- Theft of gas
- Unbounded gas consumption
2. Low
- Contract fails to deliver promised returns, but doesn't lose value

1. None
- Best practices
Payouts are handled by SYMMIO Team or DAO directly and are denominated in USDC or SYMM.

Level	Impact
5. Critical	- Any governance voting result manipulation - Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield - Direct theft of any user NFTs, whether at-rest or in-motion, other than unclaimed royalties - Permanent freezing of funds - Permanent freezing of NFTs - Miner-extractable value (MEV) - Unauthorized minting of NFTs - Predictable or manipulable RNG that results in abuse of the principal or NFT - Unintended alteration of what the NFT represents (e.g. token URI, payload, artistic content) - Protocol insolvency
4. High	- Theft of unclaimed yield - Theft of unclaimed royalties - Permanent freezing of unclaimed yield - Permanent freezing of unclaimed royalties - Temporary freezing of funds - Temporary freezing NFTs
3. Medium	- Smart contract unable to operate due to lack of token funds - Block stuffing for profit - Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol) - Theft of gas - Unbounded gas consumption
2. Low	- Contract fails to deliver promised returns, but doesn't lose value
1. None	- Best practices

Legal & Brand & Security - Previous

Security (Audits)

Audits

Last modified 2mo ago