In our mission to make liquid staking simple, we are prioritizing security every step of the way.
As part of this, we have launched a Bug Bounty program to reward white hat hackers and developers for discovering and reporting bugs in the Swell codebase. This follows a stringent launch process, including a testnet launch, guarded private launch, and a smart contract audit from leading provider Sigma Prime.
From today, 27th April 2023, Swell's Immunefi program will offer bounties ranging from $1000 to $100,000 in cryptoassets, to anyone that uncovers critical code vulnerabilities.
If you identify a bug, please report it here to be eligible for compensation.
Bug Bounty Details
Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System V2.2. This is a simplified 5-level scale, with separate scales for websites/apps, smart contracts, and blockchains/DLTs, focusing on the impact of the vulnerability reported.
Critical Up to USD 100 000
High USD 5 000
Medium USD 2 500
Websites and Applications
Critical USD 10 000
High USD 2 500
Medium USD 1 500
Low USD 1 000
All bug reports must come with a PoC with an end-effect impacting an asset-in-scope in order to be considered for a reward. Explanations and statements are not accepted as PoC and code is required.
Rewards for critical smart contract vulnerabilities are further capped at 10% of the funds at risk. In cases of repeatable attacks, only the first attack is considered unless the smart contract cannot be upgraded or paused. However, there is a minimum reward of USD 50 000 and a maximum reward of USD 100 000 for Critical smart contract bug reports.
More details, including the assets in scope, can be found on the Immunefi platform.
Immunefi is the premier bug bounty platform for smart contracts and DeFi projects, where security researchers review code, disclose vulnerabilities, get paid, and make crypto safer. Immunefi removes security risk through bug bounties and comprehensive security services.
Launched on December 9, 2020, Immunefi focused on blockchain and smart contract security. We provide bug bounty hosting, consultation, bug triaging, and program management services to blockchain and smart contract projects.
Bug bounty programs are open invitations to security researchers to discover and disclose potentially vulnerabilities in projects’ smart contracts and applications, thereby protecting projects and their users. For their good work, security researchers receive a reward based on the severity of the vulnerability, as determined by the project affected.
Follow Immunefi on their socials to stay updated: