Bug Bounty

The Flaunch Bounty program rewards users that discover and properly disclose found bugs with predefined bounties. We encourage anyone to help strengthen the protocol by actively searching for bugs in the Flaunch contracts.

The Flaunch Bounty program is derived from the Ethereum Bounty Program, an industry standard when it comes to rightfully rewarding bug bounty hunters.

Please send vulnerability submissions to bounty@flayer.io.

Rules and Rewards

Please have a look at the bullets below before starting your hunt!

  • Issues that have already been submitted by another user, or are already known to the Flaunch team, are not eligible for bounty rewards.

  • Public disclosure of a vulnerability makes it ineligible for a bounty.

  • You can start or fork a private chain for bug hunting. Please respect the Flaunch main and test networks and refrain from attacking them.

  • All paid Flaunch and Flayer Labs members are not eligible for rewards.

  • Flaunch websites and organizational infrastructure in general, are NOT part of the bounty program.

  • The Flaunch Bounty program considers a number of variables in determining rewards. Determinations of eligibility, score and all terms related to an award are at the sole and final discretion of the Flaunch team.

The value of rewards paid out will vary depending on Severity. The severity is calculated according to the OWASP risk rating model based on Impact and Likelihood:

Severity Calculation Table

Reward sizes are guided by the rules below, but are in the end, determined at the sole discretion of the Flaunch team.

Severity
Max Bounty

Critical

50,000 USDC

High

30,000 USDC

Medium

20,000 USDC

Low

4,000 USDC

Note / Informational

1,000 USDC

Bounties may be paid out in USDC, ETH or $FLAY tokens.

In addition to Severity, other variables are also considered when the Flaunch team decides the score, including (but not limited to):

  • Quality of description. Higher rewards are paid for clear, well-written submissions.

  • Quality of reproducibility. Please include test code, scripts and detailed instructions. The easier it is for us to reproduce and verify the vulnerability, the higher the reward.

  • Quality of fix, if included. Higher rewards are paid for submissions with clear descriptions of how to fix the issue.

Important Legal Information

The bug bounty program is an experimental and discretionary rewards program for our active Flaunch community to encourage and reward those who are helping to improve the platform. It is not a competition. You should know that we can cancel the program at any time, and awards are at the sole discretion of the Flaunch team. You are responsible for all taxes. All awards are subject to applicable law. Finally, your testing must not violate any law or compromise any data that is not yours.

Bounty Scope

The above mentioned bug bounty rules and rewards are applicable to all smart contracts that are actively being used and/or promoted by Flaunch.

When in doubt about whether the bug applies to the bounty program, please contact the team by sending an email to bounty@flayer.io.

Last updated