AirSwap, a P2P crypto trading network built on Ethereum, has announced the launch of a bug bounty to reward bug discovery and reporting on specific Solidity smart contracts, with rewards up to 20K DAI depending on risk severity.
The scope of the bug bounty is limited to contracts located within the AirSwap Protocols repository that have been deployed onto the mainnet. The latest mainnet deploys for the following are at this commit hash.
- Swap: Atomic Swap Between Tokens
- Indexer: Counterparty Discovery with Staking
- Index: Ordered List of Locators
- DelegateFactory: Deploys New Delegates
- Delegate: Onchain Trading Delegate
- Types: Types and Hashes
- Wrapper: Use ether for WETH trades
Severity is determined according to the OWASP risk rating model based on Impact and Likelihood.
Rewards for Bounty Payouts
- Low: Up to 250 DAI
- Medium: Up to 500 DAI
- High: Up to 2,000 DAI
- Critical: Up to 20,000 DAI
Bug Bounty Details and Terms
- Bounties go to the first to report via email to bounty@airswap.io
- Don’t steal or attempt to steal other funds.
- Don’t publicly disclose a bug before it has been fixed.
- Paid auditors of this code are not eligible for rewards.
- Issues that are mentioned in the security audits are not eligible.
- Non-security critical issues (e.g. style or gas optimizations) are ineligible.
- Determinations of eligibility, score and all terms related to an award are at the sole and final discretion of the AirSwap team.