The Immunefi bug bounty program of BiFi is focused on preventing the following threats:
- Thefts and freezing of the principal
- Thefts and freezing of the unclaimed yield
- Thefts and freezing of the governance funds
- Thefts and freezing of permission among contracts
- Manipulations of the contract functionality(DoS, Malicious Re-entrancy, etc.)
You can find the Immunefi bug bounty program at the following link: https://www.immunefi.com/bounty/bifi
| Threat Level | Reward |
|---|---|
| Critical | USD 100,000 |
| High | USD 20,000 |
| Medium | USD 500 |
| Low | USD 100 |
- All High and Critical Smart Contract bug reports require a PoC to be eligible for a reward.
- The following vulnerabilities are not eligible for a reward:
- Using a single on-chain price oracle as a price feed source (e.g., Uniswap, Sushiswap)
Payouts are handled by the BiFi team directly and are denominated in USD. However, payouts are done in BFC, ETH, Stablecoin (USDT or USDC) with the choice of the ratio at the discretion of the team.