Bug BountyYour security is our priority

Security is always a top priority for the team, that’s why we have engaged one of the well-known smart contract security audit firms – CertiK. To further protect our users from exploits, we have chosen to proceed with CertiK’s full suite of security features; state-of-the-art security systems known as Skynet and CertiKShield. Yet, in the DeFi world, there is never 100% safe from exploitation. Therefore at Vault DeFi, we want to put in place a Bug Bounty Program to identify bugs and vulnerabilities on our platform and in our smart contracts. By doing so, we want to reward anyone who helps us to identify issues and keep us safe! We would like to kindly ask you to notify us immediately if you have discovered any bugs or vulnerabilities so that we can take swift action to address them. Please review the Bug Bounty Program’s terms and scope below.

Severity Classification and Rewards

Any submitted issues will be classified into one of the severities as listed below. To qualify for Bug Bounty Reward, the issue reported must meet the minimum requirement of a Low Severity. Our team will review the submission and the successful applicant will receive a reward in USDT tokens based on the classified severity of the issue:
  • Low: Up to $500 — An issue that could cause user dissatisfaction or minor technical failure.
  • Medium: Up to $1000 — An issue that could theoretically cause a minor loss of less than 0.1% of the protocol funds, damage the protocol state, or cause severe user dissatisfaction or moderate technical failure.
  • High: Up to $5,000 — An issue that could cause the immediate loss of protocol funds between 0.1% to 10%, or severely damage the protocol state.
  • Critical: Up to $25,000 — An issue that could cause immediate loss of greater than 10% of the protocol funds or permanently impair the protocol state.
  • Rules

    The bug bounty rewards will vary depending on the severity of the issue. In addition, you can increase the reward by providing us with high-quality information in the following aspects: Issue description, instructions to reproduce the issue, and a solution(optional). If you'd like to add more information regarding the reported issue, please include a reference to the initial one.Technical knowledge is necessary for the process.Duplicated reports of known issues are ineligible. Only the first submission will get the reward. So be sure to report promptly.Rewards will be determined on a case-by-case basis. The decision by The Vault DeFi team shall be final. The bug bounty program and the terms and conditions are at the sole discretion of The Vault DeFi team. The terms and conditions of the bug bounty program may change over time. While the issue is active, any interference with the protocol or platform services, whether accidental or not, will invalidate the submission from receiving a reward.Public disclosure of a vulnerability would guarantee a submission's disqualification. Please read and abide by the following responsible disclosure policy or your report may become ineligible for a reward.