Perpetual Protocol Bug Bounty Program - DropsEarn
Home Ended Perpetual Protocol Bug Bounty Program
Perpetual Protocol Bug Bounty Program

Perpetual Protocol Bug Bounty Program

Add to Watchlist

Reward pool

$50,000

equal in PERP

Expected profit

$100-10,000

equal in PERP

Max participants

No limit

DropsEarn score

Neutral

Normal, Low Risks

Image for post


Detailed information 

Rewards

Perpetual Protocol’s bug bounty program will pay out rewards based on the severity of the bugs found and the rewards will be denominated in PERP.

The level of severity and the reward for each submission is solely at the discretion of the Perpetual Protocol team. But as a rule of thumb, team follow OWASP risk rating methodology and estimate a bug’s severity based on

  1. The potential impact
  2. How likely an exploit will happen

Here are the severity levels and the respective payout:

Critical:

  • Payout Range: 10,000–50,000 USD

Examples:

  • Steal assets from the system
  • Permanently lock assets inside the system

High:

  • Payout Range: 5,000–9,999 USD

Examples:

  • Price manipulation to cause cascading liquidation

Medium:

  • Payout Range: 1,000–4,999 USD

Examples:

  • Manipulate or compromise price discovery

Low:

  • Payout Range: < 999 USD

Scope

The bug bounty covers the following smart contracts from the latest commit on the master branch of this Github repository:

  • RootBridge
  • ChainlinkL1
  • MetaTxGateway
  • ClientBridge
  • InsuranceFund
  • L2PriceFeed
  • ClearingHouse
  • Amm
  • ClearingHouseViewer
  • AmmReader

Reporting

Please submit the full details of the vulnerability to [email protected] with

  1. A title of Bugs Found
  2. The exact procedures or code required to reproduce the exploit

After receiving your submission, team will get back to you within 1~2 weeks on the eligibility and the exact rewards for the report.

Rules for the Program

  • Vulnerabilities that have been revealed from existing audit reports are not eligible for the bug bounty
  • Existing issues opened on the repository are not eligible for the bug bounty
  • Non-security related issues such as coding style and gas optimization are not eligible for the bug bounty
  • For the same vulnerability, the bounty will only go to the first reporter
  • Do not publicly share the vulnerability before it has been patched
  • Do not attempt to take advantage of the vulnerability
  • Paid auditors by the developers of the Perpetual Protocol are not eligible for the bounty
 
 

About

After the release of Perpetual Protocol on Ethereum and xDai mainnet, team are thrilled to reveal their bug bounty program with rewards up to 50,000 USD per bug found.

Activity Type

All Activity

Official Announcement

Date

30 Dec 2020 12:00(UTC+3) - 31 Mar 2021 12:00(UTC+3)

Registrition

Closed

Event Status

You can't participate (Event ended)

Links

Official Announcement