Bug Bounty
Corez is committed to maintaining a secure and robust platform for its users. To achieve this, we have established a comprehensive bug bounty program that rewards security researchers for identifying and reporting vulnerabilities. Our program is designed to incentivize the discovery of critical-, high-, and medium-level vulnerabilities within the Corez ecosystem, ensuring the safety and reliability of our platform.
Rewards by Threat Level
Rewards are distributed based on the impact of the vulnerability, following a structured classification system. This ensures that the most critical issues receive the highest rewards, reflecting their potential impact on the Corez ecosystem.
Critical Level Vulnerabilities
Smart Contract Bugs
For critical vulnerabilities in smart contracts, the reward amount is 10% of the funds directly affected, up to a maximum of USD 500,000. The calculation of the amount of funds at risk is based on the time and date the bug report is submitted. A minimum reward of USD 100,000 is provided to incentivize prompt reporting of critical issues.
Repeatable Attack Limitations:
Upgradeable or Pausable Contracts: If the vulnerable smart contract can be upgraded or paused, only initial attacks within the first hour are eligible for rewards. This is to encourage quick mitigation by the Corez team. The reward amount depends on the severity of the impact and the funds at risk.
Non-Upgradeable Contracts: For critical repeatable attacks on smart contracts that cannot be upgraded or paused, the reward considers the cumulative impact of the attacks. This warrants a reward equivalent to 10% of the funds at risk, capped at the maximum critical reward.
High Level Vulnerabilities
For high-level vulnerabilities that involve theft or permanent freezing of unclaimed yield/royalties, rewards range from USD 10,000 to USD 100,000, depending on the funds at risk.
Temporary Freezing: In the event of temporary freezing, the reward doubles from the full frozen value for every additional 24 hours that the funds remain frozen, up to the maximum cap of the high-level reward.
Medium Level Vulnerabilities
Medium-level vulnerabilities are those that can cause significant disruption or potential losses without directly affecting user funds.
Rewards: These vulnerabilities are rewarded based on their potential impact, with a range of USD 1,000 to USD 10,000.
Web/App Bug Reports
For critical web/app vulnerabilities, a reward of USD 25,000 is provided if the impact leads to:
Loss of funds involving an attack that does not require any user action.
Private key or private key generation leakage leading to unauthorized access to user funds.
All other critical impacts are rewarded a flat amount of USD 10,000. Other severity levels are paid out according to the Impact in Scope table.
Submission and Evaluation Process
Report Submission: Security researchers submit their findings through a designated bug bounty platform or directly to the Corez security team.
Initial Review: The Corez security team conducts an initial review to validate the report and assess its severity.
Detailed Analysis: A detailed analysis is performed to understand the potential impact and feasibility of the reported vulnerability.
Reward Determination: Based on the severity and impact, the reward is calculated and communicated to the researcher.
Payment: Payouts are handled directly by the Corez team and are denominated in USD. Payments are made in USDC, based on the average price between CoinMarketCap.com and CoinGecko.com at the time the bug report is submitted.
Reward Payment Terms
Denomination: Rewards are denominated in USD, but payments are made in USDC.
Calculation: The net amount rewarded is based on the average price between CoinMarketCap.com and CoinGecko.com at the time the bug report is submitted.
No Adjustments: No adjustments are made based on liquidity availability.
By participating in the Corez Bug Bounty Program, security researchers play a vital role in enhancing the security and resilience of the Corez ecosystem. We value and appreciate their contributions to creating a safer DeFi environment for all users.