Bug Bounty

The security of our smart contracts is our highest priority. To strengthen the safety of using the protocol, Neverlose.money runs a bug bounty program to encourage the community to inspect our contracts and security and report any system vulnerability.

Rewards

We offer bug bounty rewards for discoveries that can prevent potential security attacks or code errors that may harm users. We will pay a reward of up to $2,000 for eligible reports based on the level of severity as below.

Severity

Reward

Examples

Critical

$2,000

Any vulnerabilities that can be utilised for attackers to take financial gain such as: withdrawing a larger amount than the original locked-up fund taking more bonus than the allocated amount withdrawing from some else's fund stealing assets from a pool

High

$1,000

Any bugs that can lead to financial loss of users such as: permanently freezing pool assets preventing everyone from withdrawing their fund calculation errors of bonus, asset balance, etc.

Medium

$200

Any logic errors that cause smart contracts to be activated in different way to the original set-up

Low

$10

Other front-end bugs

Report

Please report any findings via the following steps:

  1. Go to Github Issues and create an issue ticket.

  2. Use this template on your report (must answer all the sections) - https://github.com/Steemhunt/neverlose.money-contract/blob/main/.github/ISSUE_TEMPLATE/bug_report.md

  3. Feel free to add additional details in your report.

Ineligible Findings

  • Duplicate vulnerabilities. Only the first reporter will be rewarded.

  • Findings already known as part of a formal disclosure from the team, audit reports, or 3rd-party affiliates that work with the team.

Others

  • Rewards will be paid in either BTC, ETH or HUNT tokens (as chosen by the reporter) calculated by the market value at the time when we transfer the reward.

  • You will get paid only when the findings are valid and we merge the fix.

  • This bounty program can be closed at any time without any pre-announcement.

  • The severity of the finding is at the sole discretion of the Neverlose.money team.