Bug Bounty Program
At Pramb, we are committed to maintaining the highest levels of security for our platform and protecting our users' funds. We believe in the power of community collaboration and encourage responsible disclosure of any vulnerabilities found in our smart contracts.
Rewards for Responsible Disclosure
We value the contributions of ethical hackers in helping us identify and fix vulnerabilities before they can be exploited. We offer competitive rewards for the responsible disclosure of vulnerabilities, based on their severity:
Severity Level | Maximum Reward |
---|---|
Critical | Up to $50,000 USD |
High | Up to $25,000 USD |
Medium | Up to $10,000 USD |
Low | Up to $2,000 USD |
Bounties are listed in USD but paid out in stablecoins.
Impacts in scope
The Pramb Bug Bounty Program focuses on identifying vulnerabilities that could have a significant impact on the security and functionality of the Pramb protocol. Only the following impacts are considered in scope for this program:
Smart Contract Vulnerabilities:
Critical Impact:
Manipulation of governance voting, resulting in a deviation from the intended outcome, bypassing Advisory Board privileges.
Direct theft of user funds, whether at rest or in motion, excluding unclaimed yield.
Permanent freezing of funds.
Protocol insolvency.
High Impact:
Theft of unclaimed yield.
Permanent freezing of unclaimed yield.
Temporary freezing of funds.
Medium Impact:
Smart contracts are unable to operate due to a lack of token funds.
Block stuffing attacks.
Griefing attacks (e.g., no profit motive for the attacker, but damage to users or the protocol).
Theft of gas.
Unbounded gas consumption.
Low Impact:
Contract fails to deliver promised returns but does not lose value.
Out-of-Scope Impacts:
Any other impacts not listed above are considered out of scope for this bug bounty program, even if they affect assets covered by Pramb insurance policies.
How to Participate
If you discover a vulnerability in Pramb's smart contracts, please report it directly to our security team at [security email address]. We will review your report and work with you to verify and address the issue as quickly as possible.
Responsible Disclosure Guidelines
To be eligible for a reward, please adhere to the following guidelines:
Do not exploit the vulnerability or share it with others until it has been resolved.
Provide a detailed description of the vulnerability, including steps to reproduce it.
Do not attempt to access or modify user data.
Respect the privacy of our users and do not disclose any sensitive information.