Bug Bounty Program
The DODO Team is always looking for feedback and constructive criticism. To this end, we've created a Bug Bounty Program, allowing DODO users to report vulnerabilities they find in the DODO contracts - and receive monetary reward for their efforts.
The DODO Team will assess the severity of vulnerabilities based on the CVSS scoring system, with rewards corresponding to different severity levels. The severity levels and their rewards are as follows:
- Very High (9.0-10) - up to $100,000
- High (7.0-8.9) - up to $10,000
- Medium (4.0-6.9) - up to $5,000
- Low (0.1-3.9) - up to $1,000
In addition to differentiating rewards based on severity, we also offer different rewards based on the impact of the vulnerability and the difficulty of discovery.
Any bugs or vulnerabilities must be reported to the DODO Team at [email protected] in order to be considered for the Bug Bounty Program. Bounty hunters should not disclose their discoveries to other individuals or groups until they have contacted DODO, but should inform the DODO Team as soon as possible after they discover the vulnerability. The email should include as much detail as possible about the vulnerability in your email, including:
- Conditions for reproducing the vulnerability
- Steps to reproduce the vulnerability
- The potential danger of the vulnerability
A detailed vulnerability report will increase the likelihood of receiving a reward, and will also increase the amount granted.
For users who provide a valid vulnerability report and keep it confidential, we will make a public acknowledgement with your consent.