We welcome and reward security reports from the community with our ongoing bug bounty program.
To test the security of our smart contracts and detect possible vulnerabilities in our code, we invite and challenge everyone to find attack vectors and security vulnerabilities in the Enzyme protocol. A total reward pool of 250,000 DAI is available to pay out bounties. Bounties will be paid for all valid security vulnerabilities found and disclosed to the Enzyme Council, provided that:
You send a written report describing the full method to [email protected]
The vulnerability was not reported before.
The issue reported is not an acknowledged aspect of the system.
The bug bounty is subject to the terms and conditions available on GitHub.
A good submission should typically include:
a good description of the bug
a description of the attack scenario
the impact of this scenario
any other necessary components
any other details that might be helpful
a potential resolution or fix. Giving examples is always helpful!
The total reward pool available is DAI 250,000. Rewards will be paid out in DAI. The value of rewards paid out will vary depending on severity and other factors. The severity is calculated according to the OWASP risk rating model based on Impact and Likelihood.
Reward sizes are guided by the rules above, but are, in the end, determined at the sole discretion of the Enzyme Council.
Critical: up to DAI 10,000
High: up to DAI 5,000
Low: up to DAI 500
A critical issue would include vulnerabilities resulting in the possibility of irreversibly locking up the assets, irreversibly destroying the fund or stealing the assets of the fund.
Repository (master branch): TODO: ADD REPOSITORY
Below are the smart contracts in scope of the bug bounty. Any valid and previously unknown security vulnerability found and disclosed to the Enzyme Council will be rewarded.