Earn up to $3,000 (60,000 SYN) for finding bugs in the latest SynLev contracts. If you are not yet familiar with SynLev project check out our intro article, litepaper, and dApp beta walkthrough. We have been hard at work testing and developing the core SynLev contracts and dApp. We are happy to report that our Kovan testnet contracts have been published and running for the past week without any major issues. And we are now ready to open public bug bounties.
Bug Definition
Bugs are defined as any exploit on the SynLev core contracts that result in unexpected errors/behavior, illegitimate withdraw of funds, draining of contract funds, manipulation of price data, etc… Gas savings may also be considered as a low level bug for the purposes of this bounty.
Scope of Bugs
Any of the core SynLev core contracts and their corresponding Kovan addresses listed at testnetaddress.json. Be sure to check our github while working as contracts will be continuously updated. Bugs related to javascript or the SynLev beta dApp are not in the scope of this bug bounty and will not be accepted.
Reward Tiers
Discovered bugs will be rewarded based on their severity and determined by the following criteria:
- Effects of the exploit (e.g. ranging from failed transactions to illegitimately withdrawing funds from the contract)
- Repeatability of the exploit
- Complexity of exploit
In addition bonuses may also be awarded based on factors such as the number of instances the bug exists in the code, submitted documentation, amount of research done by submitter, and if a solution or code fixing the bug is submitted.
Submission
1. Submitted work must be posed as a reply to the following github issue linked HERE
2. Detailed instructions of how to reproduce the bug/exploit must be included.
3. Proof of the bug/exploit must be included either in the form of a txid or detailed documented instructions of how to reproduce the bug/exploit in a test environment.
4. No duplicate bounties will be awarded. The same or similar bug/exploit will only be rewarded to the first person to post on the github issue.
5. Bugs/exploits must be applicable to the current version of the core contracts on github.
Join our Telegram group chat here t.me/synlev and follow us on Twitter for the latest updates @synlevdefi.
