Bug Bounty

The Bug Bounty Program aims to improve the security of dForce network by inviting talented bug bounty hunters to uncover exploits and vulnerabilities pertaining to dForce native protocols, including dForce Lending, Yield Markets (dToken), USDx (including USR), GOLDx, dForce Trade, and dForce Staking deployed on both Ethereum Mainnet and Binance Smart Chain (BSC). Bugs can be classified into three categories: smart contract bugs, infrastructure bugs, and other bugs.

Smart Contract
Infrastructure
Others
Smart Contract

Please visit our GitHub repository for the respective smart contract addresses:

IMPORTANT: The list will be updated regularly to include the newly deployed contracts and remove those that have been abandoned. Please note this Bug Bounty Program does not cover vulnerabilities pertaining to 1) protocols built by third-party developers (i.e., smart contract wallet); 2) ownership of an admin key.

Infrastructure

dForce Bug Bounty Program also covers vulnerabilities affecting domains that may produce exploitation of user accounts. We have deployed multiple DApps for users to interact with dForce protocols, including:

IMPORTANT: Only critical bugs are eligible for bounty rewards.

Others

Finally, dForce Bug Bounty Program does not cover test contracts on Rinkeby and staging servers, unless the discovered vulnerability also poses a threat to our protocols and interfaces on the Mainnet, or challenge the safety of users’ funds.

Classifications of Critical Bugs

Critical Bugs
Critical Bugs

Bugs capable of affecting system stability or even triggering network crash, including those that:

  • Allow attacker(s) to take away collateral tokens for at least 10% in dollar value of collateral tokens from the system.

  • Are applied to a real situation and triggered through an attack vector rather than theory or hypothesis.

  • Occur in operation mode or emergency shutdown mode, excluding those occuring during or shortly after the deployment when the system is yet to become fully activated.

Rewards

Smart Contract
Infrastructure
Others
Smart Contract

Type of severity of bug/defect can be categorized into four levels with different rewards:

  • Critical $50,000

  • High $10,000

  • Medium $5,000

  • Low $200

Infrastructure
  • $1,000

Others

Not applicable.