Bug Bounty

Overview

The SNS Bug Bounty Program is set to incentivize responsible bug disclosure by our users. This program prioritizes bugs detected in the Bonfida smart contracts and is not focused on UI bugs.

Appropriate rewards will be distributed to users detecting medium to critical severity bugs on the core contracts of SNS.

We have partnered with the leading web3 bug bounty platform, Immunefi, to host this.

Immunefi

The bug bounty can be found here: https://immunefi.com/bug-bounty/sns/information/

This home provides the terms of use, rules, scope, rewards and disclosure policies. Please note that there are requirements to appropriately disclose bugs in order to be eligible for rewards:

Provision of KYC is required to receive a reward.

KYC information is only required on confirmation of the validity of a bug report

KYC information would include; a wallet address, proof of address & a copy of your passport

The bug bounty adheres to a policy that limits the information sharable from the bug

Make sure to read the Responsible Publication Policy to safeguard that you remain eligible for the reward

Assets determine whether the bug is in or out of scope. Please familiarize yourself with the assets and impacts in scope before reporting a bug

All code of SNS can be found at https://github.com/Bonfida/. Documentation for the assets provided in the Immunefi doc can be found at https://www.sns.id/white-paper.pdf.

Unless explicitly listed, only pages of the web/app assets in addition to the direct link are considered in-scope of the bug bounty program

Rewards

The safety of our products is of the utmost importance. In the instances where a critical bug was found (and appropriately disclosed), we will generously reward users with up to 100K USD worth of FIDA.

The size of the reward depends on the asset and the impact of scope. Where low & critical bugs will be rewarded differently.

Rewards vary from 1K USD to 100K USD depending on the impact of scope

Last updated 1 month ago