SuperBots is expanding, and to make sure it’s on the strongest possible foundation, we need to make sure everything is perfect. Our security is already on point, but you never know, right?
That’s why SuperBots is launching a Bug Bounty program! Are you a security expert who wants to help us make the platform even more secure? Or do you know someone who might be interested? Come and claim your rewards!
What is SuperBots?
Simply put, SuperBots is the decentralized version of its sister company, Upbots. But SuperBots is much more than that: it’s also staking, and it’s also NFTs. And for an expansion to be healthy, you have to make sure it’s secure.
More precisely, SuperBots offers decentralized trading solutions via a “vault” in which users can deposit their capital, which is then traded on a decentralized market in a secure manner. SuperBots offers a multitude of vaults that trade on DEXs and follow precise trading strategies to get the most out of the deposited capital.
The vaults are based on performance fees, which are then distributed to the staking pool, to the developer of the algorithm, and to a lesser extent to SuperBots. SuperBots currently offers 8 bots, and many more will come.
The Bug Bounty program
The rewards will be based on the classification system of our partner Immunefi, which is a simplified 5-level scale that ranges from “none” to “critical”. More specifically, the bounty hunt will focus on “High” or “Critical” impact.
The rewards will be classified as follows:
Websites and applications
Impacts in scope
Only the following impacts are accepted within this bug bounty program. All other impacts are considered out of scope, even if they affect an asset listed in the scope table.
Direct theft of any user funds, whether at rest or in-motion, other than unclaimed yield
Permanent freezing of funds
Temporary freezing of funds for at least 1 day
Manipulation of tokens representing shares
Ability to execute system commands
Extraction of sensitive data/files from the server, such as /etc/passwd
Signing transactions for other users
Redirection of user deposits and withdrawals
Subdomain takeover resulting in financial loss (applicable for subdomains with addresses published)
Wallet interaction modification resulting in financial loss
Direct theft of user funds
Tampering with transactions submitted to the user’s wallet
Submitting malicious transactions to an already-connected wallet
Spoofing content on the target application (Persistent)
Subdomain takeover without financial loss (applicable for subdomains with no addresses published)
Privilege escalation to access unauthorized functionalities
Bounty Program Closure
All bug reports must come with a PoC with an end-effect impacting an asset in scope in order to be considered for a reward. Explanations and statements are not accepted as a PoC; code is required. In addition, all bug reports must come with a suggestion for a fix to be considered for a reward.
Prior to the official launch of SuperBots, this bug bounty program will also have a hard cap of USD 25 000. In the event that multiple bug reports are submitted whose rewards exceed this amount, the rewards will be provided on a first-come, first-served basis. This program will be taken down once all USD 25 000 of rewards have been paid out.
You can check more details here: https://immunefi.com/bounty/superbots/