https://github.com/curvefi/security-incident-reports

A repository documenting security incident reports at Curve Finance.

# Curve Security Incident Reports

This repository documents security-related disclosures at Curve Finance. Vulnerability reports are mentioned in `disclosures/` and audits are reported in `audits/`.

# Curve Finance Bug Bounty Program

## Scope:

Issues that can lead to substantial loss of money, and critical bugs such as a broken liveness condition or irreversible loss of funds.

## Disclosure policy:

- Let us know as soon as possible upon discovery of a potential security issue.
- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.

## Exclusions:

- Already known vulnerabilities.
- Vulnerabilities in front-end code not leading to smart contract vulnerabilities.

## Eligibility:

- You must be the first reporter of the vulnerability.
- You must be able to verify a signature from the same address.
- Provide enough information about the vulnerability.

## Bounty

There are three tiers of Severity:

- Low
- Moderate
- High

There are three tiers of likelihood:

1. Almost Certain
   - High Severity: $250,000
   - Moderate Severity: $50,000
   - Low Severity: $10,000
2. Possible
   - High Severity: $50,000
   - Moderate Severity: $10,000
   - Low Severity: $1,000
3. Unlikely
   - High Severity: $10,000
   - Moderate Severity: $1,000
   - Low Severity: $1,000

## Contact

[[email protected]](mailto:[email protected])