Badger Finance
Search…
Badger Finance
Badger Finance
Overview & Fees
Sett User Guides - Ethereum
Vote Locked CVX
CVX Helper
Badger
DIGG
Wrapped BTC/ibBTC (Sushiswap LP)
Wrapped BTC/Badger (Sushiswap LP)
Wrapped BTC/DIGG (Sushiswap LP)
cvxCRV Helper
Tricrypto2
Convex renBTC/wBTC/sBTC
Convex renBTC/wBTC
Convex tBTC/sBTC
Convex hBTC
Convex pBTC
Convex oBTC
Convex bBTC
Yearn Wrapped BTC
mStable: imBTC
mStable: mBTC/hBTC (mhBTC)
Wrapped BTC/Wrapped Ether (Sushiswap LP)
Wrapped BTC/Badger (Uniswap LP)
Harvest renBTC/wBTC
Digg/WBTC (Uniswap LP) - Inactive
Sett User Guides - Arbitrum
Arbitrum FAQs
Arbitrum: Sushi/wETH Helper Vault
Arbitrum: wBTC/wETH SLP
Arbitrum: wBTC/wETH
Arbitrum: Tricrypto
Sett User Guides - Polygon
How to Bridge ibBTC to Polgyon
Polygon: wBTC/ibBTC SLP
Polygon: wBTC/USDC QLP
Polygon: amWBTC/renWBTC
Sett User Guides - Binance Smart Chain (BSC)
bBadger/BBTC Pancake LP - Inactive
bDigg/BBTC Pancake LP - Inactive
Badger Boost
Boost Optimizer User Guide
Digg
Digg FAQ
How to add DROPT-3 to your Metamask Wallet
How to Redeem your DROPT-3 Tokens
Core
Oracles
Upgrades
Governance
BadgerDAO
Developer Info
Arbitrum: ibBTC/wETH
Permissions
Contracts
Notes on Architecture
Deploy Script
Auto-compounding Rewards
Strategy Testing Framework (Brownie)
Technical
Adding a new Strategy
Arbitrum: Badger/wETH
BadgerRewards
Token Distribution
Badger Tree
Assistants
Overview
Badger Tree
Digg Rebaser
Sett Keeper
Links
Bug Bounty
BSC Contracts
Badger Tree
Tree Summary
Strategy Reward Distribution
Bots
Running a Rebase
WIP Badger Registry
Badger Registry - WIP
Pre Launch
Powered By GitBook
Bug Bounty
​

Program overview

In order to provide best in class security for our users, we have created a bounty program for individuals who identify issues in our protocol.
If you have found bug please submit here and alert one of our Discord moderators in a private message. Please do not disclose the bug publicly for security purposes.

Rewards by threat level

Rewards are distributed according to the exploitability level of the vulnerability and its impact based on the Immunefi Vulnerability Severity Classification System.
All bounties are capped at a maximum of 10% of the funds potentially affected.
Level
​
Critical - Empty or freeze the contract’s holdings
Up to $500,000
High - Token holders temporarily unable to transfer holdings
Up to $5,000
Medium - Denial of Service (e.g. unbounded gas, block stuffing)
Up to $500
Low - Contract fails to deliver promised returns (e.g. high-level economic errors)
Up to $250
None - N/A
$0
Payouts are handled by Badger directly. Payouts are denominated in USD and are paid out in the reporter’s choice of:
    Badger
    ETH
    Bitcoin
    Stablecoin
      USDC
      DAI
      USDT

Assets in Scope

Prioritized vulnerabilites

We are especially interested in receiving and rewarding vulnerabilities of the following types:
    Re-entrancy
    Logic errors
      including user authentication errors
    Solidity/EVM details not considered
      including integer over-/under-flow
      including unhandled exceptions
    Trusting trust/dependency vulnerabilities
      including composability vulnerabilities
    Oracle failure/manipulation
    Economic/financial attacks
      including flash loan attacks
    Congestion and scalability
      including running out of gas

Out of Scope

The following vulnerabilities are not eligible for bounties under this program:
    Theoretical vulnerabilities without any proof or demonstration
    Incorrect data supplied by third party oracles
    Basic economic governance attacks (e.g. 51% attack)
    Lack of liquidity
    Best practice critiques

Rules

The following actions and behaviors are prohibited. Doing so will prevent collection of a bounty and may result in prosecution:
    Any testing with mainnet or public testnet contracts; all testing should be done on private testnets
    Any testing with pricing oracles or third party smart contracts
    Attempting phishing or other social engineering attacks against employees and/or customers
    Testing any denial of service attacks
    Automated testing of services that generates significant amounts of spam transactions
    Disassembly or reverse engineering of binaries for which source code is not published, not including smart contract bytecode
    Public disclosure of an unpatched vulnerability
Assistants - Previous
Links
Next - Assistants
BSC Contracts
Last modified 8mo ago
Copy link