Deposit wstETH to earn . . .% APR with HyperYield Pool

Bug Bounty Program

Hord offers financial rewards to any security professional for identifying and reporting valid vulnerabilities and exploits on our app and domains.

One of the foundations of decentralized security is community-driven auditing. We encourage you to identify bugs, penetration vectors, front-end vulnerabilities, financial attack vectors, and other issues that may risk or destabilize the network and its operations.

How it Works

To report a potential bug, please fill out the form below with detailed and comprehensive information.

Our team reviews and prioritizes reported bugs and implements fixes accordingly. Please allow us time to correct an issue before making it public.

Rewards

Rewards are proportional to the severity of the reported issue. Upon receipt of the completed form, our development team assigns a severity score to the problem and prioritizes it accordingly.

The assessment of the reported bug will follow the OWASP risk rating model based on the impact and likelihood of the reported issue:

The reward amount per report is determined by the following factors:

  1. Demonstration of how the issue may be exploited to maximum effect.
  2. The severity of the issue.
  3. Issue complexity.
  4. Reproducibility of the issue.
  5. Existence of a Pull request with a valid fix of the issue.

Stable tokens or an equivalent amount in HORD tokens will be rewarded for valid bug reports. We might even pay higher amounts if we find the bug supercritical.

Below is a list of the approximate maximum amounts distributed, listed by order of bug severity:

  • Low
    up to 100 USD
  • Medium
    up to 500 USD
  • High
    up to 2,000 USD
  • Critical
    up to 5,000 USD

Stable tokens or an equivalent amount in HORD tokens will be rewarded for valid bug reports. If we find the bug supercritical and the report valid, we might pay even higher amounts.

We encourage you to uncover issues with the following characteristics:

  • Contracts

    Logic flaws/security issues / financial breaches.

  • Contracts

    Possible exploits and vulnerabilities - both architecture and implementation.

  • Contracts

    Upgradability and versions of schema attack vectors.

  • API

    Exploits, data breaches, leakages, permissions breaches, wrong behavior.

  • Hord Protocol

    Bugs, vulnerabilities, exploits, security breaches, cryptography errors.

  • Front-End

    Possible exploit by inserting malicious code, XSS attacks, clickjacking attacks or any vulnerabilities during Web3 interactions.

Eligibility

The first reporter who brings attention to a valid issue will be rewarded. Hord’s team might also choose to reward the first few people signaling the same problem.

We ask and encourage the community to report any bugs, even if they are not eligible for a reward. A better Hord is a win for all of us :)

Scope for

Including sub-domains and related mainnet environment.

Process

For security reasons, we might fix the bug even before contacting the reporter

  • Step 1

    Fill out the form

  • Step 2

    Get rewarded

Submit a bug