Bug Bounty

The Bug Bounty Program aims to improve the security of dForce network by inviting talented bug bounty hunters to uncover exploits and vulnerabilities pertaining to dForce native protocols, including dForce Lending, USX, EUX, dForce Trade, and Farming.

You can submit your findings to us via email: contact@dforce.network.

Bugs can be classified into three categories: Smart Contract Bugs, Infrastructure Bugs, and Other Bugs.

Please visit our GitHub repository for the respective smart contract addresses:

IMPORTANT: The list may be updated from time to time to include the newly deployed contracts and remove those that have been abandoned. Please note this Bug Bounty Program does not cover vulnerabilities pertaining to 1) protocols built by third-party developers (i.e., smart contract wallet); 2) ownership of an admin key.

Classifications of Critical Bugs

Bugs capable of affecting system stability or even triggering network crash, including those that:

  • Allow attacker(s) to take away collateral tokens for at least 10% in dollar value of collateral tokens from the system.

  • Are applied to a real situation and triggered through an attack vector rather than theory or hypothesis.

  • Occur in operation mode or emergency shutdown mode, excluding those occuring during or shortly after the deployment when the system is yet to become fully activated.


Type of severity of bug/defect can be categorized into four levels with different rewards:

  • Critical $100,000

  • High $20,000

  • Medium $5,000

  • Low $1,000


We have partnered with Immunefi to launch a bug bounty program. You can submit your findings through Immunefi as well. But please note 1 finding can only claim once from either Immunefi or email: contact@dforce.network.

Last updated