We welcome and reward security reports from the community with our ongoing bug bounty program.
In order to test the security of our smart contracts and thereby to detect possible vulnerabilities in our code, we invite and challenge everyone out there to find attack vectors/security vulnerabilities in the Amun protocol. Bounties will be paid for all valid security vulnerabilities found and disclosed to the Amun Council, provided that:
You send a report around the full method in writing to [email protected]
The vulnerability was not reported before.
The issue reported is not an acknowledged aspect of the system.
The bug bounty is subject to the following terms and conditions available on Github.
A good submission should typically include:
a good description of the bug
a description of the attack scenario
the impact of this scenario
any other necessary components
any other details that might be helpful
a potential resolution or fix. Giving examples is always helpful!
The total reward pool available is DAI 250,000. Rewards will be paid out in DAI. The value of rewards paid out will vary depending on severity and other factors.
Reward sizes are guided by the rules above, but are, in the end, determined at the sole discretion of the Amun Council.
Critical: up to DAI 10,000
High: up to DAI 5,000
Low: up to DAI 500
A critical issue would include vulnerabilities resulting in the possibility of irreversibly locking up the assets, irreversibly destroying the fund or stealing the assets of the fund.