Bug Bounty Program
SOFA.org places great emphasis on user security and platform robustness. We recognize that security risks and vulnerabilities will always exist no matter how 'secure' the system appears to be. As such, to encourage community members to jointly contribute to our security efforts, we have launched a Bug Bounty program. This program is designed to reward white-hat hackers who spot and report potential security risks within our ecosystem.
Joining Our Bug Bounty Program
To participate in the Bug Bounty program with SOFA.org, please follow these steps:
- Familiarize Yourself with Bounty Details: Visit our project page on the Bug Bounty program page and thoroughly read the severity classifications, reward guidelines, and reporting requirements provided there, so that you understand which types of vulnerabilities are eligible for rewards.
- Conduct Security Testing: Start testing the SOFA protocol's smart contracts, dApp interfaces, or any related infrastructure based on your area of expertise. Please adhere to responsible disclosure principles and avoid any testing behavior that could lead to actual asset losses.
- Submit a Report: If you believe you have found a valid security issue, please submit a detailed vulnerability report through the Bug Bounty Program. Your report should include a complete description of the issue, including steps to reproduce the vulnerability, its potential impact, and (if possible) a suggestion for mitigating or fixing the vulnerability.
- Wait for a Security Review: Our security team will review your report and work with you to verify the vulnerability. Please keep communication channels open so we can resolve the issue quickly and efficiently.
- Receive Your Reward: Once the severity of the vulnerability has been verified and corrective measures have been implemented, eligible reports will receive rewards. The reward amount will be assessed based on the severity and potential impact of the vulnerability.
Reward Criteria
The amount of the reward is based on the severity of the vulnerability, typically categorized into several levels ranging from Critical to Low. Specific reward amounts and criteria can be found on our Bug Bounty program page.
Important Reminders
- Do Not Disclose Issues Publicly: Please do not publicly disclose any details before the issue is fixed to avoid potential malicious exploitation.
- Please Adhere to All Relevant Rules: When participating in testing, please adhere to all applicable laws and rules.
We hope that through this Bug Bounty program, we can work together with the community to effectively bolster the security and integrity of the SOFA.org ecosystem. We look forward to interacting with security researchers and community experts to help discover and fix potential vulnerabilities, leading to a stronger, safer, and more reliable DeFi ecosystem for everyone to enjoy.