Badger Finance
Searchโ€ฆ
Badger Finance
๐Ÿ“–
Badger's Gitbook
Contract Addresses
Vaults
๐Ÿ”“
Vaults
VAULT USER GUIDES - ETHEREUM
VAULT USER GUIDES - ARBITRUM
VAULT USER GUIDES - POLYGON
VAULT USER GUIDES - FANTOM
POLICY
Badger Boost
๐Ÿ’Ž
Badger Boost
Boost Optimizer User Guide
NFTs
๐Ÿ–ผ
NFT List
NFT Boost Value Breakdown
Digg
DIGG
How to add DROPT-3 to your Metamask Wallet
How to Redeem your DROPT-3 Tokens
Developer Information
Developer Info
Controller
Native Setts
CurveGauge
Permissions
Notes on Architecture
Deploy Script
Auto-compounding Rewards
Strategy Testing Framework (Brownie)
Technical
Adding a new Strategy
BadgerRewards
Badger Tree
bveCVX: Handling of Additional Rewards
Assistants
Overview
Badger Tree
Digg Rebaser
Sett Keeper
Links
Bug Bounty
BSC Contracts
Badger Tree
Tree Summary
Strategy Reward Distribution
Calculation of Tree Rewards
Calculation of Vault Scheduled Rewards
Bots
Running a Rebase
WIP Badger Registry
Badger Registry - WIP
WIP - Vaults 1.5
Powered By GitBook
Bug Bounty
โ€‹

In order to provide best in class security for our users, we have created a bounty program for individuals who identify issues in our protocol.
If you have found bug please submit here and alert one of our Discord moderators in a private message. Please do not disclose the bug publicly for security purposes.

Rewards are distributed according to the exploitability level of the vulnerability and its impact based on the Immunefi Vulnerability Severity Classification System.
All bounties are capped at a maximum of 10% of the funds potentially affected.
Level
โ€‹
Critical - Empty or freeze the contractโ€™s holdings
Up to $750,000
High - Token holders temporarily unable to transfer holdings
Up to $5,000
Medium - Denial of Service (e.g. unbounded gas, block stuffing)
Up to $500
Low - Contract fails to deliver promised returns (e.g. high-level economic errors)
Up to $250
None - N/A
$0
Payouts are handled by Badger directly. Payouts are denominated in USD and are paid out in the reporterโ€™s choice of:
  • Badger
  • ETH
  • Bitcoin
  • Stablecoin
    • USDC
    • DAI
    • USDT

We are especially interested in receiving and rewarding vulnerabilities of the following types:
  • Re-entrancy
  • Logic errors
    • including user authentication errors
  • Solidity/EVM details not considered
    • including integer over-/under-flow
    • including unhandled exceptions
  • Trusting trust/dependency vulnerabilities
    • including composability vulnerabilities
  • Oracle failure/manipulation
  • Economic/financial attacks
    • including flash loan attacks
  • Congestion and scalability
    • including running out of gas

The following vulnerabilities are not eligible for bounties under this program:
  • Theoretical vulnerabilities without any proof or demonstration
  • Incorrect data supplied by third party oracles
  • Basic economic governance attacks (e.g. 51% attack)
  • Lack of liquidity
  • Best practice critiques

The following actions and behaviors are prohibited. Doing so will prevent collection of a bounty and may result in prosecution:
  • Any testing with mainnet or public testnet contracts; all testing should be done on private testnets
  • Any testing with pricing oracles or third party smart contracts
  • Attempting phishing or other social engineering attacks against employees and/or customers
  • Testing any denial of service attacks
  • Automated testing of services that generates significant amounts of spam transactions
  • Disassembly or reverse engineering of binaries for which source code is not published, not including smart contract bytecode
  • Public disclosure of an unpatched vulnerability
Assistants - Previous
Links
Next - Assistants
BSC Contracts
Last modified 8mo ago
Copy link
On this page