The security of the OpenLeverage protocol is our highest priority. Our development team, alongside third-party auditors and consultants, has invested considerable effort to create a protocol that we believe is safe and dependable.
A comprehensive test suite, including automated tests with Truffle, has been completed.
Major bugs discovered as part of the testing and auditing process were fixed. While we try our best to ensure the safety of the OpenLeverage protocol, we cannot guarantee all bugs have been discovered and resolved.
In preparation for a mainnet launch, we have completed rigorous testing on all of our smart contracts. We have also open-sourced our code and engaged Code4Rena, PeckShield, and CertiK to perform audits throughout our codebase.
The bug bounty covers the smart contracts from the commit of ..dfa3de on the master branch of the Github repository, not including the example contracts and the contracts in the test folder.
The bug bounty is now on and will continue until June 30, 2022.
Vulnerabilities that have been revealed from our existing audit reports are not eligible for the bug bounty;
Existing issues opened on the repository are not eligible for the bug bounty;
Non-security-related issues, such as front-end bugs and gas optimization, are not eligible for the bug bounty;
Do not publicly share the vulnerability before it has been patched;
When duplicates occur, we will only award the first report received;
Paid auditors by OpenLeverage are not eligible for the bounty.
Rewards will be based on the severity of the bug found, and rewards will be payable in USDT.
We will categorize each finding with the level of severity, which is solely at the discretion of the OpenLeverage Protocol team. We will follow the OWASP risk rating methodology and estimate a bug’s severity based on the potential impact and the likelihood of exploitation.
Critical: Up to 20,000 USDT
High: Up to 10,000 USDT
Medium: Up to 2,500 USDT
Low: Up to 500 USDT
Join our Discord channel for dev discussion and keep posted.