This program covers all currently deployed smart contracts on the Gnosis Chain that are actively being used on the Agave dApp.
Contracts that Agave Dao uses that are not built by Agave Dao’s members may also be considered depending on the extent to which they have been used within the Agave ecosystem and the consequences they could produce. This evaluation will be done using the CVSS Risk Rating scale.
Disclosure of issues must be made directly to the Agave Team, via email [email protected], additionally please DM someone from the team on Discord. to confirm it was received.
Any evidence of disclosure to other parties will forfeit the reward.
Exploiting the vulnerability prior to disclosing it will forfeit the reward.
Disclosure should include details of how to reproduce the bug in as clear a way as possible. A more detailed report could increase the reward.
Reporting a bug that has already been reported will not earn a reward.
The severity of an issue will be determined by a score created using the CVSS Risk Rating scale https://www.first.org/cvss/calculator/3.0. It will likely also involve some subjective understanding of the potential impact it could make on the 1hive ecosystem.
| Risk Rating | Payment |
|---|---|
| Critical (9.0-10.0): | Up to $20,000 in $xDai |
| High (7.0-8.9): | Up to $5,000 in $xDai |
| Medium (4.0-6.9): | Up to $1,000 in $xDai |
| Low (0.1-3.9): | Up to $500 in $xDai |
It should be known that Agave DAO is interested in maintaining secure infrastructure and is willing to make fair payouts for finding bugs that could affect funds and users, so as a bug hunter you can be assured when it comes to claiming a reward you will receive it, provided you act as outlined above.