🐛

PSY DAO Bug Bounty

The PsyDAO bug bounty program has been written to give an opportunity to white hats, security experts and users a safe way to report security vulnerabilities of the PsyDAOs on-chain programs and get rewarded while protecting users of the protocol. This bug bounty program is subject to change as reflected in this page. 
​
Classifications
Level
Description
Bounty Size
Critical
Generally issues related to total or meaningful partial loss of user or DAO funds.
Up to $100,000 USD
High
Generally issues that could stop the program from functioning completely, withhold user funds or assign incorrect values to users funds. 
Up to $20,000 USD
Medium/Low
Generally issues that do not put at risk user funds or delay on chain programs from functioning temporarily. 
Up to $5,000 USD
Ultimately the classification and payout of a specific reported bug issue will be at the sole discretion of the DAO and may require an on-chain governance vote to assign classification and payout. 
Payout of the bounty may be done either in a stablecoin or in equivalent value of $PSY tokens at the time of governance proposal creation (if bounty is paid out using a governance vote). 
Reporting
To submit an issue send an email to [email protected] with a detailed description of the issue and proof of vulnerability. 
The PsyDAO does not require proof of KYC to receive a bug bounty, unless it's suspected that the issue arises from privileged information that can only be accessed via a partner or PsyDAO contributor. 
In-Scope
The following on-chain programs deployed by the PsyDAO:
PsyLend Protocol
PsyFi V2 Vaults Protocol
PsyOptions V2 Euro Protocol
PsyOptions V1 American Protocol
Fusion Program
Out of Scope
The following vulnerabilities are out of scope for the bug bounty program:
Attacks that have been already carried out by the reporter on mainnet 
UI bugs
Social engineering attacks 
Issues related to price oracles, include price manipulation of assets
Any Denial of Service Attacks
Issues requiring privileged material or information, such as private keys or simple governance attacks
Issues related to liquidity or lack there-of
Issues related to utilization of PsyLend assets

PSY Token & DAO - Previous

Governance FAQ

Last modified 7mo ago

Level	Description	Bounty Size
Critical	Generally issues related to total or meaningful partial loss of user or DAO funds.	Up to $100,000 USD
High	Generally issues that could stop the program from functioning completely, withhold user funds or assign incorrect values to users funds.	Up to $20,000 USD
Medium/Low	Generally issues that do not put at risk user funds or delay on chain programs from functioning temporarily.	Up to $5,000 USD