Bug Bounty
For the goal of preventing the loss of user funds, the bug bounty program is centered on its smart contracts and Dapp.
We’re introducing an official Smartlink Bug Bounty today to encourage bug reporting.
The Smartlink Bug Bounty System is used to give rewards according to the severity of the vulnerability. This is a simple 4-level scale with distinct scales for websites/apps and smart contracts/blockchains that covers everything from exploitation consequences to privilege requirements to the chance of a successful exploit.
Payments are made directly by the Smartlink team and are made in USDC (50%) and SMAK (50%) with a lockup period of 8 months on the latter.
Payout levels
LOW
Level
up to $ 1,000 USD
MEDIUM
Level
up to $ 5,000 USD
HIGH
Level
up to $ 10,000 USD
CRITICAL
Level
up to $ 100,000 USD
Assets in scope
VORTEX AMM
app.smartlink.so
Smart contracts & Web app
STAKING APP
app.smartlink.so
Smart contract & Web app
LOTTERY
app.smartlink.so
Smart contract & Web app & Randomness
Prioritized Vulnerabilities
- Re-entrancy
- Logic errors
- Dependency vulnerabilities
- Congestion and scalability
- Cryptography problems
- Signature malleability
- Susceptibility to replay attacks
- Weak randomness
- Weak encryption
- Susceptibility to block timestamp manipulation
- Missing access controls / unprotected internal or debugging interfaces
Web/App
For web vulnerabilities, Smartlink is strictly interested in those that cause direct and unequivocal loss or permanent locking of user funds
An example would be a vulnerability that lets an attacker spoof transactions on Smartlink web applications, leading to theft of funds