Bug Bounty

A bug bounty program for Amplify's smart contracts will go live before mainnet launch. We intend for hackers to look for smart contract vulnerabilities in our system that can lead to loss of funds or locked components.

The preferred way to submit a vulnerability is through Amplify's Vault on Hats Finance.

Rewards will be awarded at the sole discretion of Amplify LTD. The quality of the report and reproduction instructions can impact the reward. Rewards are denominated and paid out in USD. If both parties agree, rewards can also be paid out in crypto assets.

In scope for the bug bounty are all the smart contract components of the Amplify protocol. They can be found in the following repository: < Amplify's Contract Repo >

Out of scope

Known issues will not be rewarded:

< Item 1 >
< Item 2 >

Areas of interest

These are some examples of vulnerabilities that would be interesting:

Stealing tokens or manipulating the token generation process.
Locking or freezing any of the Amplify contracts.
Griefing attacks: is it possible to block unlocks, voting, rewards distributions, etc.
Do the desired constraints on incentives manager hold?
Flash loan exploits
AMP token exploits

Eligibility

Terms for eligible bounties:

Only unknown vulnerabilities will be awarded a bounty; in case of duplicate reports, the first report will be awarded the bounty.
Public disclosure of the vulnerability, before explicit consent from Amplify LTD to do so, will make the vulnerability ineligible for a bounty.
Attempting to exploit the vulnerability on a public network will also make it ineligible for a bounty.

PreviousBrand Assets NextSecurity & Audits

Last updated 2 months ago