Bug Bounty Program
Security is always a top priority for the team, that’s why we have engaged one of the well-known smart contract security audit firms – CertiK. To further protect our users from exploits, we have chosen to proceed with CertiK’s full suite of security features; state-of-the-art security systems known as Skynet and CertiKShield. We have also secured our Hives by implementing Chainlink’s Price Feeds - the industry standard for decentralized price oracles to prevent flash loans due to price manipulation.
Yet, in the DeFi world, there is never 100% safe from exploitation. Therefore, we want to put in place a Bug Bounty Program to identify bugs and vulnerabilities on our platform and in our smart contracts. By doing so, we want to reward anyone who helps us to identify issues and keep us safe!
We would like to kindly ask you to notify us immediately if you have discovered any bugs or vulnerabilities so that we can take swift action to address them.
Please review the Bug Bounty Program’s terms and scope below.
Any submitted issues will be classified into one of the severities as listed below. To qualify for Bug Bounty Reward, the issue reported must meet the minimum requirement of a Low Severity.
Our team will review the submission and the successful applicant will receive a reward in USDT tokens based on the classified severity of the issue:
Low: Up to $ 500 — An issue that could cause user dissatisfaction or minor technical failure.
Medium: Up to $ 2,500 — An issue that could theoretically cause a minor loss of < 0.1% of the protocol funds, damage the protocol state, or cause severe user dissatisfaction or moderate technical failure.
High: Up to $ 10,000 — An issue that could cause the immediate loss of protocol funds between 0.1% to 10%, or severely damage the protocol state.
Critical: Up to $ 50,000 — An issue that could cause immediate loss of >10% of the protocol funds or permanently impair the protocol state.
The bug bounty rewards will vary depending on the severity of the issue. In addition, you can increase the reward by providing us with high-quality information in the following aspects: Issue description, instructions to reproduce the issue, and a solution(optional).
- If you'd like to add more information regarding the reported issue, please include a reference to the initial one.
- Technical knowledge is necessary for the process.
- Duplicated reports of known issues are ineligible. Only the first submission will get the reward. So be sure to report promptly.
- Rewards will be determined on a case-by-case basis. The decision by HunnyFinance team shall be final.
- The bug bounty program and the terms and conditions are at the sole discretion of HunnyFinance team.
- The terms and conditions of the bug bounty program may change over time.
- While the issue is active, any interference with the protocol or platform services, whether accidental or not, will invalidate the submission from receiving a reward.
- Public disclosure of a vulnerability would guarantee a submission's disqualification. Please read and abide by the following responsible disclosure policy or your report may become ineligible for a reward.
If you discover a vulnerability, make sure to follow all the steps below:
- 2.Do not reveal any information about the issue to anyone outside the team.
- 3.Do not take advantage of the issue.
- 4.Do not attack our system or protocol.
Once we receive your report, we promise to do the following:
- 1.Respond to your report within 7 business days.
- 2.Handle your report with strict confidentiality.
- 3.Provide you updates regarding the progress of your submission status and the resolution of the reported issue.
- 4.Give you credit by naming you as the successful bounty hunter of the issue, unless you desire otherwise.
- 5.Offer you the proper reward as per the prior rules to thank you for helping us to be as secure as possible!