|
2 | 2 | sidebar_position: 2 |
3 | 3 | --- |
4 | 4 |
|
5 | | -import BugBountyUrl from '@site/static/img/overview/bug-bounty.png'; |
| 5 | +import BugBountyUrl from '@site/static/img/overview/Bug-Bounty-New.jpg'; |
6 | 6 |
|
7 | 7 | # Bug Bounty |
8 | 8 |
|
9 | | -A bug bounty is currently open for Mars Hub and peripheral contracts. If you uncover a bug on Mars Hub testnet, report it via [Immunefi.com](https://immunefi.com/bounty/mars/) to potentially earn a bounty worth as much as $100,000. Rewards are distributed according to the impact of the vulnerability based on the [Immunefi Vulnerability Severity Classification System V2.2](https://immunefi.com/immunefi-vulnerability-severity-classification-system-v2-2/). This is a simplified 5-level scale, with separate scales for websites/apps, smart contracts, and blockchains/DLTs. As shown in the table below, the scale focuses on the impact of a given vulnerability. |
| 9 | +Mars Protocol is committed to building a secure and robust DeFi ecosystem. We value your expertise in helping us identify and address vulnerabilities in our protocol. This bug bounty program rewards security researchers who discover and responsibly report vulnerabilities in our smart contracts and blockchain applications. |
| 10 | + |
| 11 | +## Program Overview |
| 12 | + |
| 13 | +Mars Protocol majorly consists of key components: |
| 14 | +- **Red Bank**: A money market protocol for lending and borrowing. |
| 15 | +- **Credit Accounts**: A generalized credit primitive for Mars outposts. |
| 16 | + |
| 17 | +**Maximum Bounty: $100,000** |
| 18 | + |
| 19 | +We offer competitive rewards for identified vulnerabilities. The severity of the vulnerability determines the reward amount. |
| 20 | + |
| 21 | +## Rewards by Threat Level |
| 22 | + |
10 | 23 |
|
11 | 24 | <img src={BugBountyUrl} style={{ paddingBottom: 15 }} /> |
12 | 25 |
|
13 | | -All bug reports must come with a PoC with an end-effect impacting an asset-in-scope in order to be considered for a reward. Explanations and statements are not accepted as a PoC and code is required. |
| 26 | +## Reward Determination |
14 | 27 |
|
15 | | -Rewards for critical blockchain/DLT vulnerabilities are further capped at 10% of the economic damage potentially caused. However, there is a minimum reward of $20,000 and a maximum reward of $100,000. Please visit the [Mars Bug Bounty page on Immunefi](https://immunefi.com/bounty/mars/) for complete details. |
| 28 | +- Rewards are based on the severity of the vulnerability using the [Immunefi Vulnerability Severity Classification System V2.2](https://immunefi.com/immunefi-vulnerability-severity-classification-system-v2-2/). |
| 29 | +- All reports must include a Proof of Concept (PoC) demonstrating the vulnerability and its impact on in-scope assets. Code is required, not just explanations. |
| 30 | +- Rewards for critical vulnerabilities are capped at 10% of the potential economic damage on mainnet, with a minimum of $20,000 and a maximum of $100,000. |
16 | 31 |
|
| 32 | +For a detailed explanation, you can check out [immunefi bug bounty page](https://immunefi.com/bounty/mars/) |
0 commit comments