AirSwap Bug Bounty – Fluidity

0 3


The scope of the bug bounty is limited to contracts located within the AirSwap Protocols repository that have been deployed onto mainnet. Latest mainnet deploys for the following are at this commit hash.

Swap: Atomic Swap Between Tokens
Indexer: Counterparty Discovery with Staking
Index: Ordered List of Locators
DelegateFactory: Deploys New Delegates
Delegate: Onchain Trading Delegate
Types: Types and Hashes
Wrapper: Use ether for WETH trades

The value of rewards will vary depending on severity as judged by the AirSwap team. Severity is determined according to the OWASP risk rating model based on Impact and Likelihood, as employed in the Ethereum bug bounty campaign.

Bounty payouts

  • Low: Up to 250 DAI
  • Medium: Up to 500 DAI
  • High: Up to 2,000 DAI
  • Critical: Up to 20,000 DAI

A few friendly rules

  1. Bounties go to the first to report via email to bounty@airswap.io.
  2. Don’t steal or attempt to steal others funds.
  3. Don’t publicly disclose a bug before it has been fixed.
  4. Paid auditors of this code are not eligible for rewards.
  5. Issues that are mentioned in the security audits are not eligible.
  6. Non-security critical issues (e.g. style or gas optimizations) are ineligible.
  7. Determinations of eligibility, score and all terms related to an award are at the sole and final discretion of the AirSwap team.

Submitting a bug report

Please send an email to bounty@airswap.io including the content in the bounty template found on the AirSwap Protocols repository.

You might also like

Pin It on Pinterest

Share This

Share this post with your friends!

WhatsApp chat