Skip to content

Welcome to PyreSwap!

Bug Bounty Program

Overview

Ensuring the security of PyreSwap and its smart contracts is of critical importnace. Hence, the establishment of the official PyreSwap Bug Bounty Program, to encourage the responsible disclosure of any possible bugs.

Rewards will be determined by the severity of the disclosed bug and the assets potentially affected.

Payouts may range up to 5% of the total token (pyreAVAX, pyreBNB, pyreFTM) supply (during PyreSwap's genesis event) or a maximum of 25K USDC's worth of the equivalent, depending on the circumstances.

Scope

The Bug Bounty Program encompasses vulnerabilities and bugs discovered in any deployed PyreSwap smart contract, that has not been declared retired or reclassified as legacy infrastructure, and remains in active use.

Excluded from the Bug Bounty Program are:

  • Third-party contracts not directly controlled by PyreSwap
  • Previously identified and resolved issues
  • Third-party applications utilizing PyreSwap contracts
  • The PyreSwap dApp, web interface, or other UI/UX materials

Rewards

The Bug Bounty Program categorizes issues according to the following priority/criticality scale:

  1. Priority 1: Issues with the potential to affect numerous users and carry significant reputational, legal, or financial consequences.
  2. Priority 2: Issues impacting individual users, where exploitation could result in moderate reputational, legal, or financial non-consensual risk to the affected user.
  3. Priority 3: Risks are relatively minor and do not pose a non-consensual threat to user funds.
  4. Priority 4: Issues that do not present an immediate risk but are pertinent to best practice guidelines, or optimization.

Rewards will be granted based on the severity outlined above, as well as the likelihood of the bug being exploited, determined at the sole discretion of the Seigniorage Circus.

Disclosure

All discovered vulnerabilities or bugs must be reported exclusively to the following email address: admin@seignioragecircus.org.

Until the Seigniorage Circus/PyreSwap has been notified, has resolved the issue, and has authorized public disclosure, the vulnerability must not be disclosed to any other individual, entity, email address, or made public. Furthermore, disclosure must occur within 24 hours of the vulnerability's discovery.

Providing a comprehensive report of a vulnerability enhances the likelihood of receiving a reward and may increase the reward amount. Please include as much information as possible about the vulnerability, such as:

  • The specific conditions necessary to reproduce the bug.
  • Detailed steps for reproducing the bug or, preferably, a proof of concept.
  • Potential consequences if the vulnerability were to be exploited.

Any individual who reports a unique, previously unreported vulnerability resulting in a code change or configuration alteration and maintains confidentiality until resolution by PyreSwap's engineers will be publicly acknowledged for their contribution, if they opt for recognition.

Eligibility

To qualify for a reward under this Bug Bounty Program, you must:

  • Discover a previously unreported, non-public vulnerability within the scope of this Bug Bounty Program, not previously known by the team.
  • Be the first to disclose the unique vulnerability to admin@seignioragecircus.org, following the disclosure requirements.
  • Provide adequate information for the Seigniorage Circus engineers to replicate and resolve the vulnerability.
  • Refrain from exploiting the vulnerability in any manner, including making it public or seeking profit outside of the Bug Bounty Program reward.
  • Maintain confidentiality regarding the vulnerability, disclosing it only privately to the Seigniorage Circus.
  • Make a sincere effort to prevent privacy violations, data destruction, or disruption to any assets within scope.
  • Avoid submitting a vulnerability stemming from the same underlying issue for which a reward has already been issued under this Bug Bounty Program.
  • Abstain from engaging in unlawful behavior when reporting the bug to admin@seignioragecircus.org, including threats or coercive tactics.
  • Not be a current or former member of the Seigniorage Circus Troupe.
  • Adhere to all eligibility criteria outlined in the Bug Bounty Program.

Reservation of Rights

Upon submission of your report, you hereby grant the Seigniorage Circus all necessary rights, including intellectual property rights, to validate, mitigate, and disclose the vulnerability. Reward determinations, including eligibility and amounts, as well as payment methods, are entirely at the discretion of the Seigniorage Circus' management.

Please note that the terms and conditions of this Bug Bounty Program are subject to change at any time.