We are happy to announce our new bug bounty program in partnership with Immunefi. This $100k bug bounty aims to incentivize developers and ethical hackers to identify vulnerabilities in our smart contracts, website and applications.
Why A Bug Bounty Program?
Our primary goal is to be the most trusted entry point to deploy your capital into DeFi. To pursue this mission, our approach has always focused on users and community feedback. A bounty program goes precisely in this direction.
We have always been very attentive to the auditing and security of our code. Now, we feel we can do more than typical audits, which engage a limited number of auditors. Thus, we decided to involve the entire community of hackers and code reviewers to help us provide the best possible security and reliability to our users.
What is Immunefi?
Immunefi is the premier bug bounty platform for smart contracts and DeFi projects, where security researchers review code, disclose vulnerabilities, get paid, and make crypto safer. Immunefi removes security risks through bug bounties and comprehensive security services.
As a platform, Immunefi has immense scope for both ethical hackers and project owners. Hackers can select bounty programs that match their skill, review the code, submit the bugs, and get paid. Simultaneously, projects can enhance their security with the help of experts at Immunefi. Because of these factors, among others, several leading names in the industry trust the platform. Binance, Chainlink, SushiSwap, PancakeSwap, Compound and Synthetix, for instance, have worked with Immunefi.
The Summer.fi Bug Bounty Program Overview
The program goes live today (April 1st, 2022), with a maximum reward of $100,000 to be paid in DAI. The focus is on our smart contracts and the Summer.fi website.
Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System V2. This is a simplified framework, with separate scales for smart contracts, blockchains/DLTs, and websites/apps, focusing on the impact of the vulnerability reported.
Smart Contracts
- Critical: up to USD 100 000
- High: USD 10 000
- Medium: USD 3 000
- Low: USD 1 000
Websites and Applications
- Critical: up to USD 10 000
- High: USD 3 000
- Medium: USD 1 000
How To Report Bugs?
All smart contract bug reports must come with a PoC with an end-effect impacting an asset-in-scope in order to be considered for a reward. The same rule applies to Critical, High, and Medium severity bug reports related to websites and applications. Explanations and statements are not accepted as PoC; code is required. In addition, Critical/High severity bug reports must also come with a suggestion for a fix in order to be considered for a reward.
Participants must note that only the first person to report the bug will be entitled to the relevant reward. They must submit the vulnerabilities with all the relevant links, documents, and code. Only one form will be accepted for submission for any given vulnerability. However, bounty hunters are free to submit multiple forms for multiple vulnerabilities.
Any attempt to publicly disclose the vulnerability before it is resolved will lead to the cancellation of the reward. Summer.fi and Immunefi reserve the right to disqualify anyone who doesn’t adhere to the rules and regulations of the bounty program. Finally, under no circumstances will Summer.fi negotiate for payments under any threat or coercion.
Learn more about how to participate in the bug bounty at https://immunefi.com/hackers/.
Learn more about Immunefi’s platform rules at https://immunefi.com/rules/.
Learn more about the Summer.fi Bug Bounty Program at https://immunefi.com/bounty/summer.fi/.
If you have any questions regarding Summer.fi in general, you can contact us at email@example.com or on our social media.