🐛PSY DAO Bug Bounty

The PsyDAO bug bounty program gives white hats, security experts and users a safe way to report security vulnerabilities in the PsyDAO's on-chain programs and get rewarded while protecting users of the protocol. This bug bounty program is subject to change as reflected on this page.

Classifications

| Level | Description | Bounty Size |
| --- | --- | --- |
| Critical | Generally issues related to total or meaningful partial loss of user or DAO funds. | Up to $100,000 USD |
| High | Generally issues that could stop the program from functioning completely, withhold user funds or assign incorrect values to users' funds. | Up to $20,000 USD |
| Medium/Low | Generally issues that do not put user funds at risk or delay on-chain programs from functioning temporarily. | Up to $5,000 USD |

Ultimately, the classification and payout of a specific reported bug will be at the sole discretion of the DAO and may require an on-chain governance vote to assign classification and payout.

Payout of the bounty may be made either in a stablecoin or in the equivalent value of $PSY tokens at the time of governance proposal creation (if the bounty is paid out using a governance vote).

Reporting

To submit an issue, send an email to security@psyoptions.io with a detailed description of the issue and proof of vulnerability.

The PsyDAO does not require proof of KYC to receive a bug bounty, unless it is suspected that the issue arises from privileged information that can only be accessed via a partner or PsyDAO contributor.

In-Scope

The following on-chain programs deployed by the PsyDAO:

  • PsyLend Protocol

  • PsyFi V2 Vaults Protocol

  • PsyOptions V2 Euro Protocol

  • PsyOptions V1 American Protocol

  • Fusion Program

Out of Scope

The following vulnerabilities are out of scope for the bug bounty program:

  • Attacks that have already been carried out by the reporter on mainnet

  • UI bugs

  • Social engineering attacks

  • Issues related to price oracles, including price manipulation of assets

  • Any denial-of-service attacks

  • Issues requiring privileged material or information, such as private keys or simple governance attacks

  • Issues related to liquidity or lack thereof

  • Issues related to utilization of PsyLend assets
