
Bug Bounties

Incentives for community members to review the protocol and submit issues
Due to the recent exploit we have faced, the Bug Bounty program is paused until further notice!

Scope

The bounty program covers exclusively the smart-contract portion of the protocol. Issues should be submitted as tickets in the BonqDAO Discord.

Rewards

The rewards are different for each severity level of the bug:
  • minor: 50 BEUR in BNQ - 3 or 4 points
  • medium: 150 BEUR in BNQ - 5 or 6 points
  • major: 5'000 BEUR in BNQ - 7 or 8 points
  • critical: 50'000 BEUR in BNQ - 9 or 10 points
The severity is determined by two factors:
  1. Likelihood - the certainty with which an issue will arise
  2. Impact - should the issue arise, how devastating it would be

Likelihood

The more likely an issue is to occur, the more points it is given, from a maximum of 5 points for a dead certain occurrence to 1 for an issue which only arises in edge cases.
  1. Very unlikely, edge cases only. Probably never occurs.
  2. Low probability, edge cases that have a good chance of occurring.
  3. Potential for a security incident in the long run. We have time, but it needs fixing.
  4. High probability for a security incident. Needs to be fixed right away.
  5. Dead certain and it could happen tomorrow. The protocol needs to be paused.

Impact

In the same spirit, the higher the impact, the more points an issue gets, from 5 points for a catastrophic issue to 1 point for an annoying bug.
  1. Is annoying but has an easy workaround
  2. May cause loss of functionality but not of funds
  3. May cause loss of funds in some cases
  4. Allows an attacker to gain access to a large portion of the value locked
  5. Allows an attacker to gain access to all of the value locked unless the protocol is paused