Bug Bounty

The Bug Bounty Program aims to improve the security of dForce network by inviting talented bug bounty hunters to uncover exploits and vulnerabilities pertaining to dForce native protocols, including dForce Lending, USX, EUX, dForce Trade, and Farming.  
You can submit your findings to us via email: [email protected]. 
Bugs can be classified into three categories: Smart Contract Bugs, Infrastructure Bugs, and Other Bugs.  
Smart Contract Bugs
Infrastructure Bugs
Other Bugs
Please visit our GitHub repository for the respective smart contract addresses:
dForce Lending: https://github.com/dforce-network/LendingContractsV2 
dToken: https://github.com/dforce-network/dToken​
Farming: https://github.com/dforce-network/staking​
IMPORTANT: The list may be updated from time to time to include the newly deployed contracts and remove those that have been abandoned. Please note this Bug Bounty Program does not cover vulnerabilities pertaining to 1) protocols built by third-party developers (i.e., smart contract wallet); 2) ownership of an admin key.   
dForce Bug Bounty Program also covers vulnerabilities affecting domains that may produce exploitation of user accounts. We have deployed multiple DApps for users to interact with dForce protocols, including:
dForce Lending: https://github.com/dforce-network/LendingContractsV2 
dToken: https://github.com/dforce-network/dToken​
Farming: https://github.com/dforce-network/staking​
IMPORTANT: Only critical bugs are eligible for bounty rewards
Finally, dForce Bug Bounty Program does not cover test contracts on Rinkeby and staging servers, unless the discovered vulnerability also poses a threat to our protocols and interfaces on the Mainnet, or challenge the safety of users’ funds.
​
Classifications of Critical Bugs
Bugs capable of affecting system stability or even triggering network crash, including those that:
Allow attacker(s) to take away collateral tokens for at least 10% in dollar value of collateral tokens from the system.
Are applied to a real situation and triggered through an attack vector rather than theory or hypothesis. 
Occur in operation mode or emergency shutdown mode, excluding those occuring during or shortly after the deployment when the system is yet to become fully activated.
​
Rewards
Smart Contract Bugs 
Infrastructure Bugs
Other Bugs
Type of severity of bug/defect can be categorized into four levels with different rewards:
Critical $100,000
High $20,000
Medium $5,000
Low $1,000
Critical: $1,000
Not applicable.
​
Immunefi
We have partnered with Immunefi to launch a bug bounty program. You can submit your findings through Immunefi as well. But please note 1 finding can only claim once from either Immunefi or email: [email protected]. 
dForce Bug Bounties | Immunefi
Immunefi
​
DEVELOPER - Previous
Audit Reports
Last modified 10mo ago