Skip to content

A repository documenting security incident reports at Curve Finance.

Notifications You must be signed in to change notification settings

mo-anon/security-incident-reports

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Curve Security Incident Reports

This repository documents security-related disclosures at Curve Finance. Vulnerability reports are mentioned in disclosures/ and audits are reported in audits/.

Curve Finance Bug Bounty Program

Scope:

Issues which can lead to substantial loss of money, critical bugs like a broken live-ness condition or irreversible loss of funds.

Disclosure policy:

Let us know as soon as possible upon discovery of a potential security issue. Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.

Exclusions:

Already known vulnerabilities. Vulnerabilities in front-end code not leading to smart contract vulnerabilities.

Eligibility:

You must be the first reporter of the vulnerability You must be able to verify a signature from same address Provide enough information about the vulnerability

Bounty

There are three tiers of Severity:

  • Low
  • Moderate
  • High

There are three tiers of likelihood:

  1. Almost Certain
    • High Severity: $250,000
    • Moderate Severity: $50,000
    • Low Severity: $10,000
  2. Possible
    • High Severity: $50,000
    • Moderate Severity: $10,000
    • Low Severity: $1,000
  3. Unlikely
    • High Severity: $10,000
    • Moderate Severity: $1,000
    • Low Severity: $1,000

Contact

[email protected]

About

A repository documenting security incident reports at Curve Finance.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published