Bug Bounty
The bug bounty is open for security researchers and developers to contribute towards making Solvent Protocol more secure and preventing attacks involving theft of assets, freezing of funds, denial of services, and others.
The Solvent programs are fully open-source.
The bounty only covers the Solvent Protocol programs and reporting of potential vulnerabilities caused due to on-chain code and not UI bugs.

Reporting bugs and Rewards

For reporting any kind of bugs and vulnerabilities, please email us at [email protected]. The reports must be sent with a valid proof of concept.
Rewards are distributed as per the severity of the vulnerability reported:
Severity
Max. reward
Critical
Up to $250,000
High
Up to $50,000
Medium
Up to $10,000
Low
Up to $2,000
The rewards distributed are in the form of vested SVT tokens on Solana. The severity, and hence the prize amount, is estimated by multiple factors like value at risk, the likelihood of occurrence, urgency, etc.
The recipients of rewards can remain anonymous.

Out-of-scope reports

  • Bug reports that the reporter has already exploited, leading to damages.
  • Attacks requiring privileged access (governance, admin credentials) or leaked credentials.
  • Attacks/exploits occurring due to an external attack/exploit/vulnerability on another protocol/project.
  • Reports that suggest changes in code design that do not improve the security of the protocol.
  • Sybil attacks, 51% attacks.