🐛
PSY DAO Bug Bounty
The PsyDAO bug bounty program has been written to give an opportunity to white hats, security experts and users a safe way to report security vulnerabilities of the PsyDAOs on-chain programs and get rewarded while protecting users of the protocol. This bug bounty program is subject to change as reflected in this page.
Level | Description | Bounty Size |
Critical | Generally issues related to total or meaningful partial loss of user or DAO funds. | Up to $100,000 USD |
High | Generally issues that could stop the program from functioning completely, withhold user funds or assign incorrect values to users funds. | Up to $20,000 USD |
Medium/Low | Generally issues that do not put at risk user funds or delay on chain programs from functioning temporarily. | Up to $5,000 USD |
Ultimately the classification and payout of a specific reported bug issue will be at the sole discretion of the DAO and may require an on-chain governance vote to assign classification and payout.
Payout of the bounty may be done either in a stablecoin or in equivalent value of $PSY tokens at the time of governance proposal creation (if bounty is paid out using a governance vote).
To submit an issue send an email to [email protected] with a detailed description of the issue and proof of vulnerability.
The PsyDAO does not require proof of KYC to receive a bug bounty, unless it's suspected that the issue arises from privileged information that can only be accessed via a partner or PsyDAO contributor.
The following on-chain programs deployed by the PsyDAO:
- PsyLend Protocol
- PsyFi V2 Vaults Protocol
- PsyOptions V2 Euro Protocol
- PsyOptions V1 American Protocol
- Fusion Program
The following vulnerabilities are out of scope for the bug bounty program:
- Attacks that have been already carried out by the reporter on mainnet
- UI bugs
- Social engineering attacks
- Issues related to price oracles, include price manipulation of assets
- Any Denial of Service Attacks
- Issues requiring privileged material or information, such as private keys or simple governance attacks
- Issues related to liquidity or lack there-of
- Issues related to utilization of PsyLend assets
Last modified 7mo ago