Bug Bounty Program

A Community-Driven Smart Contract Audit Program

The audit program will convince our non-technical community members to lend and borrow safely. Meanwhile, it will incentivize developers to participate actively and contribute by finding any existing vulnerabilities in our smart contract code. That way, we will promptly manage the risks related to the following events:
  • Thefts and freezing of principal of any amount;
  • Shutting down the entire system that may put users' funds in danger.

Rewards and payout rules

All rewards are paid out by the Aada Finance team. The reward size is 25,000 USD for critical smart contract vulnerability. Reward size is nominated in USD, but payouts will be made in AADA tokens. To be eligible for a reward, you must provide:
  • PoC (Proof of Consensus)
  • Suggestions of how to fix the vulnerability.

Assets in Scope

Participants can find all Aada Finance smart contracts on Github. However, only the assets in the list below are considered for bug bounty program rewards.
Disclaimer: If you find any critical vulnerabilities related to other Aada Finance assets that are not on the list, submit it as a report for a reward.

Out of Scope Cases & Bug Bounty Rules

Participation in the bug bounty competition adheres to all fairness and transparency principles. In this regard, the team will not reward vulnerabilities in the following scope:
  • Self-exploited attacks that have led to damage;
  • Breaches related to leaked keys or credentials;
  • Attacks threatening privileged addresses, e. g. governance, etc.
List of prohibited activities for the Aada Finance bug bounty program:
  • Any phishing or social engineering attacks against the protocol’s employees or users;
  • Testing through third-party applications (e.g., browser extensions) or websites (e.g., SSO, advertising, etc.);
  • DDoS attacks;
  • Automated testing that generates high amounts of traffic;
  • Public disclosure of unpatched vulnerabilities after seizing a reward.

How to submit a bug report

To report a bug, please contact us via mail at [email protected], Telegram, or Discord group! Remember to provide a PoS (Proof of Consensus) with your bug report.
Copy link
On this page
A Community-Driven Smart Contract Audit Program
Rewards and payout rules
Assets in Scope
Out of Scope Cases & Bug Bounty Rules
How to submit a bug report