PsyFi Documentation
  • Welcome to PsyFi
    • Why use PsyFi?
    • PsyFi Product Suite
    • PsyVaults - Vaults Product
      • 🏗️Covered Calls & Secured Puts Vaults Architecture
      • 📶Leveraged Strategy Vaults (Call Spreads & Put Spreads) - Currently Paused
      • 💹Market Making Vaults - Currently Paused
      • 📚PsyVaults Resources
        • PsyFi Vault Contracts
      • 👩‍🏫PsyVaults Tutorials
        • 💵Weekly Bidding on V2 Vaults
        • 💰PsyVault Rewards
          • Auto-Deposit into PsyLend to Earn Rewards
          • Understanding Staking Rewards
          • Boosting your Staking Rewards
      • ❓PsyVaults FAQs
    • PsyLend - Structured Products Lending
      • 👩‍🎓Tutorials - Supplying & Borrowing
      • 🎰Supply & Interest Rate Calculations
      • 🅿️Lending Parameters
      • ⚒️Liquidations
      • 💰Rewards
      • ⚡Fees
      • *️Risks & Insurance Fund
      • PsyLend FAQs
      • PsyLend Glossary
  • PsyFi DAO Audits
    • Audits
  • Build with PsyFi
    • Options Protocol
      • American Style Options
      • Tokenized European Style Options
      • Under-Collateralized European Style Options
      • PsyOptions FAQ
    • Fusion - Airdropping Options - Deprecated
      • 👩‍🏫Fusion Tutorials
        • Users: Option Rewards and What You Can Do With Them
        • Users: Claiming Airdrops Through Fusion
    • Developers
      • Program Integration
      • Client Integration
        • Namespace: instructions
        • Namespace: serumInstructions
        • Namespace: serum utils
        • Enumeration: ClusterName
        • Enumeration: ProgramVersions
        • Class: Validation
      • PsyFi DAO Contributor Support
    • Designers
      • Logos
      • Fonts
  • Options Education
    • Styles of Options
    • Calls & Puts
    • Option Strategies
    • Glossary
  • PSY Token & DAO
    • PSY Tokenomics
      • PSY Token Unlock Schedule
    • Governance Infrastructure & Tokenomics
    • Governance Parameters
    • PSY 2.0: PSY Stake and DeMux Overview [RFC]
    • Governance Tutorials
      • Governance Overview & Walkthrough
      • Initializing a Proposal Using Poseidon [RFC]
      • PsyOptions Protocol Governance Actions
      • Voter Stake Registry Set Up
        • How to Lock Your Own Tokens
        • How to Propose Issuing Locked Tokens
        • How to Propose Clawing Back Granted Tokens
      • PSY 2.0 - How to Stake Your PSY to Start Participating in PSY 2.0 Governance
      • PSY 2.0 - How to Claim Rewards For Staked PSY
      • PSY 2.0 - How to Setup a RewardPool
      • PSY 2.0 - How to perform DeMuX Actions on Reward Pools [RFC]
      • PSY 2.0 - How to view tokens that are sent to DeMux [RFC]
    • Governance FAQ
      • 🐛PSY DAO Bug Bounty
    • Poseidon [RFC]
    • PsyFi DAO Contributors
Powered by GitBook
On this page
  • Classifications
  • Reporting
  • In-Scope
  • Out of Scope
  1. PSY Token & DAO
  2. Governance FAQ

PSY DAO Bug Bounty

The PsyDAO bug bounty program has been written to give an opportunity to white hats, security experts and users a safe way to report security vulnerabilities of the PsyDAOs on-chain programs and get rewarded while protecting users of the protocol. This bug bounty program is subject to change as reflected in this page.

Classifications

Level

Description

Bounty Size

Critical

Generally issues related to total or meaningful partial loss of user or DAO funds.

Up to $100,000 USD

High

Generally issues that could stop the program from functioning completely, withhold user funds or assign incorrect values to users funds.

Up to $20,000 USD

Medium/Low

Generally issues that do not put at risk user funds or delay on chain programs from functioning temporarily.

Up to $5,000 USD

Ultimately the classification and payout of a specific reported bug issue will be at the sole discretion of the DAO and may require an on-chain governance vote to assign classification and payout.

Payout of the bounty may be done either in a stablecoin or in equivalent value of $PSY tokens at the time of governance proposal creation (if bounty is paid out using a governance vote).

Reporting

To submit an issue send an email to security@psyoptions.io with a detailed description of the issue and proof of vulnerability.

The PsyDAO does not require proof of KYC to receive a bug bounty, unless it's suspected that the issue arises from privileged information that can only be accessed via a partner or PsyDAO contributor.

In-Scope

The following on-chain programs deployed by the PsyDAO:

  • PsyLend Protocol

  • PsyFi V2 Vaults Protocol

  • PsyOptions V2 Euro Protocol

  • PsyOptions V1 American Protocol

  • Fusion Program

Out of Scope

The following vulnerabilities are out of scope for the bug bounty program:

  • Attacks that have been already carried out by the reporter on mainnet

  • UI bugs

  • Social engineering attacks

  • Issues related to price oracles, include price manipulation of assets

  • Any Denial of Service Attacks

  • Issues requiring privileged material or information, such as private keys or simple governance attacks

  • Issues related to liquidity or lack there-of

  • Issues related to utilization of PsyLend assets

PreviousGovernance FAQNextPoseidon [RFC]

Last updated 2 years ago

🐛