PSY DAO Bug Bounty
The PsyDAO bug bounty program has been written to give an opportunity to white hats, security experts and users a safe way to report security vulnerabilities of the PsyDAOs on-chain programs and get rewarded while protecting users of the protocol. This bug bounty program is subject to change as reflected in this page.
Ultimately the classification and payout of a specific reported bug issue will be at the sole discretion of the DAO and may require an on-chain governance vote to assign classification and payout.
Payout of the bounty may be done either in a stablecoin or in equivalent value of $PSY tokens at the time of governance proposal creation (if bounty is paid out using a governance vote).
The PsyDAO does not require proof of KYC to receive a bug bounty, unless it's suspected that the issue arises from privileged information that can only be accessed via a partner or PsyDAO contributor.
The following on-chain programs deployed by the PsyDAO:
- PsyLend Protocol
- PsyFi V2 Vaults Protocol
- PsyOptions V2 Euro Protocol
- PsyOptions V1 American Protocol
- Fusion Program
The following vulnerabilities are out of scope for the bug bounty program:
- Attacks that have been already carried out by the reporter on mainnet
- UI bugs
- Social engineering attacks
- Issues related to price oracles, include price manipulation of assets
- Any Denial of Service Attacks
- Issues requiring privileged material or information, such as private keys or simple governance attacks
- Issues related to liquidity or lack there-of
- Issues related to utilization of PsyLend assets