This contract system is an implementation of a decentralized exchange that features automated market making. The contract system is deployed at Callisto Network Mainnet:
GENERAL NOTE: only technical issues must be considered here. Trading losses or the lack of liquidity caused by the insufficient engagement are not considered contract-related issues.
$15,000 for finding a critical vulnerability.
A critical vulnerability is a vulnerability that can be directly exploited at any time and cause:
Total breach of the contract system and the loss of operability
Allow the withdrawal of funds or exchange of funds at the unexpected rate which can be exploited to the attacker's advantage
Any circumstance at which one user of the contract can cause a direct loss of funds for another user
$3,000 for finding a medium severity vulnerability
A critical vulnerability is a vulnerability that can be exploited in some specific circumstances and cause:
Violation of access restrictions and performing owner-restricted functions without permission
Total or partial breach of the contract system and partial loss of operability
Allow the withdrawal of funds or exchange of funds at the unexpected rate which can be exploited to the attacker's advantage
Any circumstance at which one user of the contract can cause a direct loss of funds for another user
$100-500 for code flaws that can not violate contract workflow.
Any code flaw reports and suggestions that can improve the SoyFinance workflow. This bounty will be paid if the suggested solution will be implemented in final version of the contract system.
The bugbounty will last for 20 days since the announcement. All reports submitted to the github issues thread during this timeframe will be reviewed by members of Callisto Security Department.
The first person to submit a bug report will be awarded a bounty if the reported issue is considered a vulnerability consistent with the bugbounty scope.
Payment method: the bounty can be paid in CLO or USDT. The requester must negotiate the payment method in the corresponding issue thread at github and provide the payment address there. Transaction hash will be published in the same thread as a proof after the payment is confirmed.
Scope
Excluded
Contracts overview
This contract system is an implementation of a decentralized exchange that features automated market making. The contract system is deployed at Callisto Network Mainnet:
Bug bounty
GENERAL NOTE: only technical issues must be considered here. Trading losses or the lack of liquidity caused by the insufficient engagement are not considered contract-related issues.
$15,000 for finding a critical vulnerability.
A critical vulnerability is a vulnerability that can be directly exploited at any time and cause:
Total breach of the contract system and the loss of operability
Allow the withdrawal of funds or exchange of funds at the unexpected rate which can be exploited to the attacker's advantage
Any circumstance at which one user of the contract can cause a direct loss of funds for another user
$3,000 for finding a medium severity vulnerability
A critical vulnerability is a vulnerability that can be exploited in some specific circumstances and cause:
Violation of access restrictions and performing owner-restricted functions without permission
Total or partial breach of the contract system and partial loss of operability
Allow the withdrawal of funds or exchange of funds at the unexpected rate which can be exploited to the attacker's advantage
Any circumstance at which one user of the contract can cause a direct loss of funds for another user
$100-500 for code flaws that can not violate contract workflow.
Any code flaw reports and suggestions that can improve the SoyFinance workflow. This bounty will be paid if the suggested solution will be implemented in final version of the contract system.
Participating
Submit an issue at the SoyFinance contracts repo: https://github.com/SoyFinance/smart-contracts/issues
The bugbounty will last for 20 days since the announcement. All reports submitted to the github issues thread during this timeframe will be reviewed by members of Callisto Security Department.
The first person to submit a bug report will be awarded a bounty if the reported issue is considered a vulnerability consistent with the bugbounty scope.
Payment method: the bounty can be paid in CLO or USDT. The requester must negotiate the payment method in the corresponding issue thread at github and provide the payment address there. Transaction hash will be published in the same thread as a proof after the payment is confirmed.
Questions: dexaran@callisto.network