FILFI Bounty Program
The security of the FILFI DAO system is crucial to the FILFI protocol. While FILFI DAO undergoes internal and external audits, there is still the possibility of vulnerabilities due to the constantly evolving ecosystem. We implement a bounty program to identify errors and vulnerabilities in the protocol infrastructure and smart contracts, rewarding any organization or individual that helps us make the system as robust as possible.
Categories
To be eligible for a reward, the submitted issue must meet the minimum severity criteria as described below. Approved submissions will receive FILFI community TOKEN rewards based on the severity category of the issue:
- Up to 500 U - Issues that could lead to user dissatisfaction or minor technical faults.
- Up to 2,500 U - Issues that could lead to a small loss of less than 0.1% of protocol funds, disrupt the protocol status, or cause serious user dissatisfaction or moderate technical faults.
- Up to 5,000 U - Issues that could lead to an immediate loss of 0.1% < X <10% of protocol funds or severely disrupt the protocol status.
- Up to 10,000 U - Issues that could lead to an immediate loss of 10% or more of protocol funds or permanently damage the protocol status.
Rules
Rewards will vary depending on the severity of the issue. Moreover, you can increase the reward by providing high-quality information in the following areas: issue description, instructions to reproduce the issue, and solution (optional).
- If you wish to add more information about the reported issue, you can create a new submission referencing the initial issue.
- The reward details for each activity will be determined by FILFI DAO. The terms and conditions of the bug bounty program are at the sole discretion of FILFI DAO.
- Any interference with the protocol or client/platform service while the issue still exists, whether accidental or not, will invalidate the submission and disqualify it from receiving a reward.
- Public disclosure of the error will result in the submission being disqualified. Please read and adhere to the responsible disclosure policy below, or your report may not be eligible for a reward.
Disclosure Policy
If you discover a vulnerability, please ensure you follow all the steps below:
- Write a detailed, accurate issue report as soon as possible and send it to: dev@filfi.io.
- Do not disclose any information about the issue to anyone outside the team.
- Do not exploit the issue for personal gain.
- Do not attack our systems or protocol.
- Once we receive your report, we commit to taking the following steps:
- Respond to your report as soon as possible.
- Keep your report strictly confidential.
- Provide you with the latest status of your submission and the solution to the reported issue.
- Provide you with a reward to thank you for helping us make FILFI as secure as possible!