👾 Bug bounties

We care about security and have an open bug bounty program. Details below.

🦗 Low severity: $1-10

These are issues that have a minimal impact on the security or functionality of the software. Examples might include issues that are purely cosmetic or that have a very low likelihood of being exploited. These are usually frontend issues to do with UX, formatting and layouts.

Examples:

  • a non-crucial link cannot be clicked because it is covered by an image

  • the margin of a div is missing in the MetaMask browser

  • a wrong error message (e.g. an error claiming that a deposit has been claimed when it has not)

🦥 Medium severity: $10-100

These are issues that have some impact on the security or functionality of the software, but do not pose a financial risk.

Examples:

  • The frontend for sending USDT for Polygon is giving an error.

  • The user is getting an error where there should be none.

👹 High severity: $100-$10k

These are issues that have a significant impact on the security or functionality of the software and pose a high risk.

Examples:

  • Being able to steal the funds from an individual transfer

  • Being able to steal the funds from Peanut gas or escrow contracts

  • Having full access to the frontend

  • Smart contract vulnerability affecting all transfers

💰 History of Payouts

We've paid out 10 low severity bounties, 1 medium and 1 high severity. Total: >$5000.

ℹ️ How to Report a Bug?

  1. Ensure that the bug you have found is actually within the scope of the bug bounty program.

  2. Ask on Discord whether it's known or check the Discord channel. This will lock the bug reward to you for 48h. If it’s a medium or high severity bug, please DM or email.

  3. Reproduce the bug and gather all the necessary information about it. This includes demonstrating how the bug can be reproduced, and providing details like the steps required to reproduce it, the impact of the bug, and any relevant technical info.

  4. Submit only if it's a high severity bug. Here's how:

    1. Email your report to hello@peanut.to. Be sure to include all the information gathered in step 2, as well as any additional details that might be useful for understanding and reproducing the bug.

    2. If it's a low severity bug, please open an issue on GitHub.

  5. Wait for a response. If the bug is confirmed and meets the criteria for a reward, you'll get a notification and the reward will be paid out according to the program's guidelines.
