Our smart contracts are audited by OpenZeppelin and ConsenSys. We take the security of our platform and the protocols very seriously. To further bolster the security of our smart contracts, we invite bug bounty hunters, traders, and other stakeholders of the ecosystem to find bugs in our platform.
We hereby launch our bug bounty program — the details of which are as follows:
- If you have a fix, directly create a pull request for the Mai and Mai v2 repositories.
- Only those issues will be considered outside of those already identified by the previous audit reports (OpenZeppelin and ConsenSys )
- Regarding duplicate submissions, the first one to submit the report will be considered.
- Before discussing the bug publicly, please inform us and allow us a reasonable timeframe to fix it.
Please send your submission to firstname.lastname@example.org
The compensation depends on the criticality of the found bug. To determine the severity of the bug, the OWASP risk assessment framework will be used.
While calculating the bug bounty reward, we also consider the quality of the submission. It includes a clear description, a test case, and a provided fix. We generally follow the below payout structure. Please note that payouts are determined at the sole discretion of MCDEX.
Note: Up to $500 USD
Low: Up to $2,000 USD
Medium: Up to $5,000 USD
High: Up to $20,000 USD
Critical: Up to $50,000 USD
All bounties are payable in MCB/ETH and other cryptocurrencies.