Bounty Program

About Our Bounty Program

Help us improve our smart contracts and frontend applications by finding and reporting errors. Earn rewards for your contributions to our security and user experience! Rewards will increase over time and be paid in STX.

Smart Contract Bounties

  • Drain funds from the protocol: $1000
  • Can't send assets to dex after bonding curve completion: $1000

Frontend Application Bounties

  • Exploit to insert new faked or malicious token on the frontend: $1000
  • Replace existing tokens on the frontend with faked or malicious ones: $1000

Eligibility and Coordinated Disclosure

We are happy to thank everyone who submits valid reports which help us improve the security. However, only those that meet the following eligibility requirements may receive a monetary reward:

  • You must be the first reporter of a vulnerability.
  • The vulnerability must be a qualifying vulnerability.
  • Any vulnerability found must be reported before the issue is exploited.
  • You must send a clear textual description of the report along with steps to reproduce the issue, include attachments such as screenshots or proof of concept code as necessary.
  • You must not publicly disclose the vulnerability before it is fixed.
  • Provide detailed but to-the-point reproduction steps.

Submit a Finding

If you have found a bug or vulnerability, please report it to us by contacting: