Bug Bounty by ApeX

overview

This bug bounty program is focused on their smart contracts, website and app and is focused on preventing:

• Direct theft of any user funds, including liquidity providers’ and traders’
• Permanent freezing of funds
• Theft of nft’s unclaimed reward
• Permanent freezing of nft’s unclaimed reward
• Manipulate trader’s position
• Oracle price manipulation

Rewards by Threat Level

Critical smart contract vulnerabilities are capped at 10% of economic damage, primarily taking into consideration funds at risk, but also PR and branding aspects, at the discretion of the team. However, there is a minimum reward of USD 10 000.

1/ Smart Contract

• Critical Level - Up to USD $50,000
• High - USD $7,500
• Medium - USD $2,500
• Low - USD $1,000

2/ Websites and Applications

• Critical - USD $1,000

Impacts in scope

Only the following impacts are accepted within this bug bounty program. All other impacts are not considered as in-scope, even if they affect something in the assets in scope table.

Smart Contract

• Direct theft of any user funds, including liquidity providers’ and traders’ - Critical
• Permanent freezing of funds - Critical
• Theft of nft’s unclaimed reward - High
• Permanent freezing of nft’s unclaimed reward - High
• Manipulate trader’s position - High
• Oracle price manipulation - High
• Smart contract unable to operate due to lack of token funds - Medium
• Block stuffing for profit - Medium
• Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol) - Medium
• Theft of gas - Medium
• Unbounded gas consumption - Medium
• Smart contract fails to deliver promised returns, but doesn’t lose value - Low

Websites and Applications

• Taking Down the application/website - Critical
• Signing transactions for other users - Critical
• Direct theft of user funds - Critical