Rewards will be paid in $AKRO (or stablecoins) based on the severity of vulnerabilities/bugs identified. Rewards will be decided on a case by case basis and the bug bounty program, terms, and conditions are at the sole discretion of Akropolis.
What is not included in the scope of the bug bounty program:
- Frontend bugs. We have frontend sprints aimed at improving the UI/UX experience, fixing possible bugs in data visualization, etc. While we greatly appreciate such reports from the community members, there are no rewards for that (except for our sincere gratitude).
- Contracts not included in the above list. That’s pretty simple — we’re concentrating on products mentioned above primarily — thus bug bounty includes only them.
- Bugs of third party solutions. We monitor third-party integrations in our product and will act accordingly with the changes/bugs found there, but we can’t control code that is not ours. Please report such bugs to the development teams of corresponding projects.
- Already reported bugs. Development is a continuous process — we will be covering our code with tests to find bugs/exploits & conducting audits as code evolves. Bugs found by us or our auditors are not included in the Bug Bounty scope.
- A bug should be described for the first time and should not have been reported before. Duplicated issues are not eligible for a reward. The first submission would be the eligible one. Please do double-check before submitting.
- Bugs that were not found or described by security auditors. Please do check the security audit reports available in our Github before submitting.
- A bug report should have a detailed description & scenario for reproduction, as well as potential suggestions on how it can be fixed.
Please note that attacks carried out using methods of social engineering, phishing, fraud and deception, as well as physical attempts to disrupt the operation of the application (physical impact on the servers) will not be counted and will be punished in accordance with the rules of the Bug Bounty Program.