Welcome to the Gravity Finance Bug Bounty Program. We are calling on our community to help us identify any bugs or vulnerabilities in our protocol in order to make it as secure as possible. Submit a bug report and earn up to USD$100,000 worth of GFI tokens.

Rewards

Bug Bounty Rewards ranging from $10 to $100,000 based on severity. Bounties paid in GFI tokens.

Scope & References

Our bug bounty is applicable to the following repositories. This list will grow over time.

Repository 1:
https://github.com/inthenextversion/audit-gravity-ctdsec-v1-core

Repository 1 Code Brief:
https://github.com/inthenextversion/audit-gravity-ctdsec-v1-core/blob/main/Gravity%20Finance%20Code%20Brief.pdf

Repository 1 Audit Report:
https://gravityfinance.io/docs/Cybersecurity_Audit_CTDSEC_Gravity_v4.pdf

Rules

  • Public disclosure of a vulnerability would make it ineligible for a reward.
  • Duplicated issues are not eligible for reward. The first submission is the eligible one.
  • If you want to add more information to a provided issue, create a new submission giving reference to the initial one.
  • Rewards will be decided on a case by case basis and the bug bounty program, Terms and conditions are at the sole discretion of Gravity Team.
  • Rewards will vary depending on the severity of the issue. Other variables considered for rewards include: the quality of the issue description, the instructions for reproducibility, and the quality of the fix (if included).
  • Determinations of eligibility, score and all terms related to a reward are at the sole and final discretion of Gravity.
  • Submissions need to be related with the Bounty Scope. Submissions out of the Bounty Scope will not be eligible for a reward.
  • Any interference with the protocol, client or platform services, on purpose or not, during the process will make the submission process invalid.
  • Terms and conditions of the bug bounty process may vary over time.

Terms

Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.