Immunefi will host the Sovryn Program. Sovryn pays out an extra bonus for smart contract and blockchain related bugs the first 30 days of their program. The bonus is broken into 7 day bonus rounds, where the bonus is reduced by 5 percentage points at the end of each round.
Sovryn is an on-chain decentralized trading and lending protocol deployed on RSK, a side chain of the Bitcoin blockchain-powered by merge-mining, and is governed by the community. The Sovryn protocol is controlled by its community and stakeholders. There is no single company, organization, or individual that represents or controls the Sovryn protocol. While the Sovryn community is built on the principles of transparency, the Sovryn protocol’s decentralized structure means that there is no single party that can be relied upon to provide you with accurate information.
The SOV token is used to tokenize the rights, rewards, and risks associated with participating in Sovryn Bitocracy. It is used to represent voting power and to wrap the rewards and risks of Sovryn’s future into a digital representation. SOV can be used by the Sovryn protocol whenever there is a need to balance risks and rewards. Changes to the protocol introduce risks, but if they are successful, can grow the use of the protocol and the fee revenue it generates. SOV can be staked to cover user losses and thus insure that they do not occur.
It is focused around its smart contracts and app and the prevention of loss of user funds.
Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System. This is a simplified 5-level scale, with separate scales for websites/apps and smart contracts/blockchains, encompassing everything from consequence of exploitation to privilege required to likelihood of a successful exploit.
Websites and Apps*The final reward amount is capped at 10% of the funds at risk based on the vulnerability reported.
In the case of two or more reports covering the same vulnerability, only the first complete bug report gets the reward.Web and app bug reports without proof of concept exploits with demonstrated impact have a maximum severity level of “Medium”.
All payouts done by the Sovryn treasury and are pegged to the USD values set here and are payable in BTC though the Sovryn team may, at their discretion, have up to 50% of the reward payable in SOV according to a vesting schedule dependent on the amount paid out.
Until the end of the bonus period, Sovryn will provide bonuses for Smart Contract/Blockchain bug reports based on the remaining time of the bonus period. In addition, critical and high Smart Contract/Blockchain bug reports that are validated will receive a unique artwork NFT on Sovryn, showing them as the heroes that they are, all throughout the bonus period. These NFTs will be designed upon each accepted Smart Contract/Blockchain high and critical bug reports.
In the case of Critical bugs that are affected by the 10% cap, the bonus will be applied after the cap. Bonuses are handled by Sovryn directly and are done in BTC. However, the Sovryn team may decide to have up to 50% of the payment in SOV, which may include a vesting schedule.
Team are especially interested in receiving and rewarding vulnerabilities of the following types:
The following vulnerabilities are excluded from the rewards for this bug bounty program:
The following activities are prohibited by bug bounty program: