Smartlink Dapps

Bug Bounty

Smartlink is a suite of decentralized apps built on the Tezos network.

For the goal of preventing the loss of user funds, the bug bounty program is centered on its smart contracts and Dapp.

We’re introducing an official Smartlink Bug Bounty today to encourage bug reporting.

The Smartlink Bug Bounty System is used to give rewards according to the severity of the vulnerability. This is a simple 4-level scale with distinct scales for websites/apps and smart contracts/blockchains that covers everything from exploitation consequences to privilege requirements to the chance of a successful exploit.

Payments are made directly by the Smartlink team and are made in USDC (50%) and SMAK (50%) with a lockup period of 8 months on the latter.

Payout levels

LOW

Level

up to $ 1,000 USD

MEDIUM

Level

up to $ 5,000 USD

HIGH

Level

up to $ 10,000 USD

CRITICAL

Level

up to $ 100,000 USD

Assets in scope

VORTEX AMM

app.smartlink.so

Smart contracts & Web app

STAKING APP

app.smartlink.so

Smart contract & Web app

LOTTERY

app.smartlink.so

Smart contract & Web app & Randomness

SMAK TOKEN

View Contract

Smart contract

Prioritized Vulnerabilities

Smart Contracts/Blockchain:

Re-entrancy
Logic errors
Dependency vulnerabilities
Congestion and scalability
Cryptography problems
Signature malleability
Susceptibility to replay attacks
Weak randomness
Weak encryption
Susceptibility to block timestamp manipulation
Missing access controls / unprotected internal or debugging interfaces

Web/App

For web vulnerabilities, Smartlink is strictly interested in those that cause direct and unequivocal loss or permanent locking of user funds

An example would be a vulnerability that lets an attacker spoof transactions on Smartlink web applications, leading to theft of funds

Submit your report

Submit report