Bug Bounty
A bug bounty program for Piggy’s smart contracts is now live. We intend for hackers to look for smart contract vulnerabilities in our system that can lead to loss of funds or locked components.
Vulnerability reports will be scored using the CVSS v3 standard. The reward amounts for different types of vulnerabilities are:
🚨 Critical (CVSS 9.0–10.0)
→ $5,000 - $50,000
⚠️ Major (CVSS 7.0–8.9)
→ $2,500 - $5,000
⚡ Medium (CVSS 4.0–6.9)
→ $1,000 - $2,500
🐛 Low (CVSS 1.0–3.9)
→ $500 - $1,000
Rewards will be awarded at the sole discretion of Piggy Contributor Mining. Quality of the report and reproduction instructions can impact the reward. Rewards are denominated and paid out in USD. If both parties agree, rewards can also be paid out in crypto.
For this initial bug bounty program, there is a maximum bounty pool of $250,000.
The bug bounty program is ongoing and has been running since Piggy launch.
Please responsibly disclose any findings to the development team, following these instructions:
- In order to report a vulnerability, please write an email to [email protected] with [SECURITY DISCLOSURE] in the subject of the email.
- We will make our best effort to reply in a timely manner and provide a timeline for resolution.
- Please include a detailed report on the vulnerability with clear reproduction steps. The quality of the report can impact the reward amount.
Failure to do so will result in a finding being ineligible for any bounties.
In scope for the bug bounty are all the smart contract components of the Piggy protocol. They can be found in the following repositories: