Bug bounties
We care about security and have an open bug bounty program. Details below.
Low severity: $1-10
These are issues that have a minimal impact on the security or functionality of the software. Examples might include issues that are purely cosmetic or that have a very low likelihood of being exploited. These are usually frontend issues to do with UX, formatting and layouts.
Examples:
a non-crucial link cannot be clicked because it is covered by an image
the margin of a div missing in the MetaMask browser
a wrong error message (e.g. the error claiming that a deposit has been claimed when it has not)
Medium severity: $10-100
These are issues that have some impact on the security or functionality of the software, but do not pose a financial risk.
Examples:
The frontend for sending USDT for Polygon is giving an error.
The user is getting an error where there should be none.
High severity: $100-$10k
These are issues that have a significant impact on the security or functionality of the software and pose a high risk.
Examples:
Being able to steal the funds from an individual transfer
Being able to steal the funds from Peanut gas or escrow contracts
Having full access to the frontend
Smart contract vulnerability affecting all transfers
History of Payouts
We've paid out 10 low severity bounties, 1 medium and 1 high severity. Total >$5000
How to Report a Bug?
1. Ensure that the bug you have found is actually within the scope of the bug bounty program.
2. Reproduce the bug and gather all the necessary information about it. This includes demonstrating how the bug can be reproduced, and providing details like the steps required to reproduce it, the impact of the bug, and any relevant technical info.
3. Submit only if it's a high severity bug. Here's how:
   - Email your report to hello@peanut.to. Be sure to include all the information gathered in step 2, as well as any additional details that might be useful for understanding and reproducing the bug.
   - Open an issue on GitHub if it's a low severity bug, please.
4. Wait for a response. If the bug is confirmed and meets the criteria for a reward, you'll get a notification and the reward will be paid out according to the program's guidelines.