Amun DeFi
Comment on page

Bug Bounty

We welcome and reward security reports from the community with our ongoing bug bounty program.
In order to test the security of our smart contracts and thereby to detect possible vulnerabilities in our code, we invite and challenge everyone out there to find attack vectors/security vulnerabilities in the Amun protocol. Bounties will be paid for all valid security vulnerabilities found and disclosed to the Amun Council, provided that:
  • You send a report around the full method in writing to [email protected].
  • The vulnerability was not reported before.
  • The issue reported is not an acknowledged aspect of the system.
The bug bounty is subject to the following terms and conditions available on Github.

What does a good vulnerability submission look like?

A good submission should typically include:
  1. 1.
    a good description of the bug
  2. 2.
    a description of the attack scenario
  3. 3.
    the impact of this scenario
  4. 4.
    any other necessary components
  5. 5.
    any other details that might be helpful
  6. 6.
    a potential resolution or fix. Giving examples is always helpful!

What’s in it for me?

The total reward pool available is DAI 250,000. Rewards will be paid out in DAI. The value of rewards paid out will vary depending on severity and other factors.
Reward sizes are guided by the rules above, but are, in the end, determined at the sole discretion of the Amun Council.
  • Critical: up to DAI 10,000
  • High: up to DAI 5,000
  • Low: up to DAI 500
A critical issue would include vulnerabilities resulting in the possibility of irreversibly locking up the assets, irreversibly destroying the fund or stealing the assets of the fund.