Bug Bounty

Requirements

Disclosure must be made privately directly to the PowerPool team (e.g. by emailing to info@powerpool.finance)

The bug must not be exploited by the discloser except possibly for negligible amounts (and only if this is required to demonstrate the exploit)

The discloser must not reveal the exploit to anybody except the PowerPool team until the PowerPool team have addressed the exploit.

All disclosures must include detailed steps on how to perform the exploit.

Only the first discloser of a particular bug is eligible for a reward, although the PowerPool team may reward subsequent disclosures if they either provide additional information above the first report, or the bug is particularly severe, at the PowerPool team’s discretion.

Rewards for responsible disclosure

Exploits are divided into categories at the PowerPool team’s discretion.

Note

Exploit with minimal real impact, e.g. cosmetic issues. 50 - 250 CVP

Minor

Minor impact, e.g. exploits affecting functionality of the products, ability to vote, withdraw, etc. 250 - 1,000 CVP

Major

Exploits which can be used to access or take money that a user is not entitled to, e.g. exploits which can be used to mint additional tokens without providing the requisite inputs. 1,000 - 10,000 CVP

Critical

Critical exploits, e.g. the recent bug that in one of our smart contracts. 10,000 - 50,000 CVP[*]

Bug bounty rewards are not vested owing to their importance.