Magpie
  • 📃Terms and Conditions
  • 📝Overview
  • 🌐The Magpie Ecosystem
    • ▫️Penpie (Pendle Finance)
    • ▫️Radpie (Radiant Capital)
    • ▫️Cakepie (PancakeSwap)
    • ▫️Eigenpie (EigenLayer)
    • ▫️Campie (Camelot DEX)
    • ▫️Listapie (Lista DAO)
    • ▫️Babypie (Babylon)
  • 🪙MGP Token
    • 🗳️Vote-Locked MGP
    • 🧮MGP distribution
    • 📊MGP Chart
    • 🧑‍🌾MGP Emission
    • 🪂MGP Airdrop
  • ✅The Benefits of vlMGP
    • 💰Earn
    • ⚖️Governance
    • 🎟️Access IDOs via the Magpie Launchpad
  • 🔍Reference
    • 💡Glossary
  • 📑Smart Contracts
  • 🌉Bridge
    • 🌉Bridge MGP tokens to Arbitrum
  • 📡Official Links
  • 📽️Media Kit
  • 🔐Security
    • 📄Audit Reports
    • 🕸️Immunefi Bug Bounty
Powered by GitBook
On this page
  1. Security

Immunefi Bug Bounty

Bug Bounty program

PreviousAudit Reports

Last updated 8 months ago

Rewards by Threat Level

Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System V2.2. This is a simplified 5-level scale, with separate scales for websites/apps, smart contracts, and blockchains/DLTs, focusing on the impact of the vulnerability reported.

All Critical Smart Contract bug reports must come with a PoC with an end-effect impacting an asset-in-scope in order to be considered for a reward. Explanations and statements are not accepted as PoC and code is required. In addition, all Critical severity bug reports must come with a suggestion for a fix in order to be considered for a reward.

Rewards for critical smart contract vulnerabilities are further capped at 10% of economic damage, with the main consideration being the funds affected in addition to PR and brand considerations, at the discretion of the team. However, there is a minimum reward of USD 50 000 for Critical smart contract bug reports.

Rewards for high smart contract vulnerabilities are further capped at 20% of economic damage, with the main consideration being the funds affected in addition to PR and brand considerations, at the discretion of the team. However, there is a minimum reward of USD 5 000 for High smart contract bug reports.

Known issues highlighted in the following audit reports are considered out of scope:

https://docs.magpiexyz.io/security/audit-reports

Payouts are handled by the MagpieXYZ team directly and are denominated in USD. However, payouts are done in USDC and BUSD.

Details

🔐
🕸️
https://immunefi.com/bounty/magpiexyz/