Reporting a security issue or bug

Working to build a safer environment for crypto payments

Written by Jack
Updated over a week ago

Overview

At BoomFi, we prioritize the security of our platform and the smart contracts that empower it. We firmly believe in the importance of maintaining a secure environment, and in this spirit, we have established the official BoomFi Bug Bounty Program.

Our BoomFi Bug Bounty Program is designed to encourage and reward responsible disclosure of any potential vulnerabilities. This system allows us to continually improve our security measures and ensure that BoomFi remains a trusted payments platform for our merchants and users.

We evaluate reported bugs based on their severity, with rewards allocated accordingly. For substantial findings, our BoomFi Bug Bounty Program offers incentives up to a remarkable 25,000 USDC. We see this as a testament to our commitment to safeguarding our platform and, more importantly, our community.

Scope

The scope of our Bug Bounty Program encompasses vulnerabilities and bugs found in any deployed BoomFi contract. This includes contracts housed within specified GitHub repositories. Should you discover a bug in a BoomFi smart contract outside of these repositories that potentially jeopardizes our transactions and user funds, rest assured our team will take it into consideration and deem it within the boundaries of our bounty.

However, we kindly note that the following areas fall outside of the Program's scope:

  • Contracts under third-party management and not directly controlled by BoomFi

  • Issues that have already been identified and documented in the audits for the above-mentioned contracts

  • Bugs found in third-party contracts or applications that make use of BoomFi contracts

  • The BoomFi DAPP, web interface, or any other materials unrelated to contract functionality

We appreciate your understanding and cooperation in focusing on the areas within the scope of our Bug Bounty Program.

Eligibility Criteria

For your submission to be considered for a reward under this Program, the following conditions must be met:

  • Uncover a previously undisclosed, non-public vulnerability, not known to our team and within the confines of this Program.

  • Be the first to report this unique vulnerability to [email protected], adhering to our disclosure guidelines.

  • Furnish enough details to allow our engineers to replicate and rectify the vulnerability.

  • Refrain from exploiting the vulnerability in any manner, including public disclosure or for any gain (excluding the reward from this Program).

  • Maintain privacy and confidentiality of the vulnerability, only reporting it privately to us.

  • Ensure a good faith effort to avert violations of privacy, data destruction, or disruption or degradation of any assets within the scope.

  • Avoid submitting vulnerabilities caused by an underlying issue that has already been rewarded under this Program.

  • Engage in lawful and ethical behavior when disclosing the bug to [email protected], free of threats, demands, or coercion.

  • Be a minimum of 18 years old. If you're younger, ensure your vulnerability submission is accompanied by parental or guardian consent.

  • Confirm that you're not a current or former employee, vendor, or contractor who participated in the development of the code related to the bug in question.

  • Adhere to all the eligibility criteria of the Program.

Additional Terms

By submitting your report, you grant BoomFi all necessary rights, including intellectual property rights, to authenticate, address, and disclose the vulnerability. All decisions pertaining to rewards, including eligibility, reward amounts, and the method of payment, are made at our sole discretion.

Please note, the terms and conditions of this Program are subject to change at any time.
