Welcome to Lixir’s Bug Bounty Program. Our aim is to be the best, which is not possible without support from our community. Submit a bug here and earn a reward. The following are the conditions and rewards.
Potential problems which can precipitate substantial loss of money, critical bugs like deadlock and starvation, or permanent loss of funds.
Inform us as soon as possible of a potential vulnerability. Allow us a reasonable amount of time to fix the issue before disclosing to the public or a third-party.
In order to be eligible, you must
be the first reporter of the vulnerability,
be able to verify a signature from the same address,
and provide enough information about the vulnerability.
Previously known vulnerabilities and vulnerabilities in front-end code not leading to smart contract vulnerabilities.
While testing for vulnerabilities, please take care not to: denial of service, spam, or phish the Lixir team.
The Lixir team is the sole and final arbiter to determine eligibility, exclusion, and reward. Rewards are decided on a case-by-case basis. Our reward scheme follows an approach similar to the Ethereum Bug Bounty.