The bug bounty is open for security researchers and developers to contribute towards making Solvent Protocol more secure and preventing attacks involving theft of assets, freezing of funds, denial of services, and others.
The bounty only covers the Solvent Protocol programs and reporting of potential vulnerabilities caused due to on-chain code and not UI bugs.
Rewards are distributed as per the severity of the vulnerability reported:
The rewards distributed are in the form of vested SVT tokens on Solana. The severity, and hence the prize amount, is estimated by multiple factors like value at risk, the likelihood of occurrence, urgency, etc.
The recipients of rewards can remain anonymous.
- Bug reports that the reporter has already exploited, leading to damages.
- Attacks requiring privileged access (governance, admin credentials) or leaked credentials.
- Attacks/exploits occurring due to an external attack/exploit/vulnerability on another protocol/project.
- Reports that suggest changes in code design that do not improve the security of the protocol.
- Sybil attacks, 51% attacks.