Update bug-bounty-program.mdx #18

Open
wants to merge 1 commit into
base: master
24 changes: 20 additions & 4 deletions docs/overview/security/bug-bounty-program.mdx
Expand Up @@ -2,15 +2,31 @@
sidebar_position: 2
---

import BugBountyUrl from '@site/static/img/overview/bug-bounty.png';
import BugBountyUrl from '@site/static/img/overview/Bug-Bounty-New.jpg';

# Bug Bounty

A bug bounty is currently open for Mars Hub and peripheral contracts. If you uncover a bug on Mars Hub testnet, report it via [Immunefi.com](https://immunefi.com/bounty/mars/) to potentially earn a bounty worth as much as $100,000. Rewards are distributed according to the impact of the vulnerability based on the [Immunefi Vulnerability Severity Classification System V2.2](https://immunefi.com/immunefi-vulnerability-severity-classification-system-v2-2/). This is a simplified 5-level scale, with separate scales for websites/apps, smart contracts, and blockchains/DLTs. As shown in the table below, the scale focuses on the impact of a given vulnerability.
Mars Protocol is committed to building a secure and robust DeFi ecosystem. We value your expertise in helping us identify and address vulnerabilities in our protocol. This bug bounty program rewards security researchers who discover and responsibly report vulnerabilities in our smart contracts and blockchain applications.

##Program Overview

Mars Protocol majorly consists of key components:
**Red Bank**: A money market protocol for lending and borrowing.
**Credit Accounts**: A generalized credit primitive for Mars outposts.

**Maximum Bounty: $100,000**

We offer competitive rewards for identified vulnerabilities. The severity of the vulnerability determines the reward amount.

##Rewards by Threat Level

<img src={BugBountyUrl} style={{ paddingBottom: 15 }} />

All bug reports must come with a PoC with an end-effect impacting an asset-in-scope in order to be considered for a reward. Explanations and statements are not accepted as a PoC and code is required.
##Reward Determination

- Rewards are based on the severity of the vulnerability using the [Immunefi Vulnerability Severity Classification System V2.2](https://immunefi.com/immunefi-vulnerability-severity-classification-system-v2-2/)
- All reports must include a Proof of Concept (PoC) demonstrating the vulnerability and its impact on in-scope assets. Code is required, not just explanations.
- Rewards for critical vulnerabilities are capped at 10% of the potential economic damage on mainnet, with a minimum of $20,000 and a maximum of $100,000.

Rewards for critical blockchain/DLT vulnerabilities are further capped at 10% of the economic damage potentially caused. However, there is a minimum reward of $20,000 and a maximum reward of $100,000. Please visit the [Mars Bug Bounty page on Immunefi](https://immunefi.com/bounty/mars/) for complete details.
Please visit the [Mars Bug Bounty page on Immunefi](https://immunefi.com/bounty/mars/) for complete details.
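
Review bot: The cap bullet under "Reward Determination" changes the program terms, not just the wording: the removed line limited the 10% cap to "critical blockchain/DLT vulnerabilities", while the new bullet applies it to all "critical vulnerabilities" and adds "on mainnet". Please confirm this matches the Immunefi listing, or keep the original qualifier. The new intro also drops the scope statement from the removed paragraph ("Mars Hub and peripheral contracts", "Mars Hub testnet") and only says "smart contracts and blockchain applications"; the overview names Red Bank and Credit Accounts but never says they are the in-scope assets, which the PoC bullet relies on. Formatting: `##Program Overview`, `##Rewards by Threat Level` and `##Reward Determination` need a space after `##` to render as headings, the two component lines need list markers so they do not merge into one paragraph, and "majorly consists of key components" would read better as "consists of two key components". The import now points to `Bug-Bounty-New.jpg`; the visible diff shows only the .mdx file, so check that the image is part of the commit with that exact case.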