DAO Farmer Public Test Bug Bounty Program

3 min readFeb 13, 2022

We understand the critical nature of dealing with financial assets and our community’s safety is our absolute priority.

Therefore, after a rigorous audit submitted to CertiK, we decided to launch a community-based bug bounty program to be the latest addition to our project in terms of security. We’re inviting all security researchers and white hat hackers to look for bugs or vulnerabilities on DAO Farmer public test.

All rewards will be paid to the wallets specified at the time of submission after 7 days of the launch of DAO Farmer.

Time: Feb 14th, 4:00 AM UTC — Feb 16th, 4:00 AM UTC

You will find below all the pieces of information needed to participate in the program.

Rules

Public disclosure will make the issue report automatically ineligible
Technical knowledge is required for the process
In case of duplicates, only the first submission will be considered
Rewards will be decided on a case by case basis at the sole discretion of DAO Farmer
Rewards will mainly vary depending on the severity of the issue, but will also consider the quality of the report, the instructions for reproducibility, and the quality of the fix
Only submissions relevant to the bounty as mentioned above scope will be eligible for a reward
Determinations of eligibility and all terms related to an award are at the sole and final discretion of DAO Farmer
Submissions need to be related to the Bounty Scope to be eligible for a reward
Any interference with the protocol, client or platform services, on purpose or not during the process will make the submission process invalid
Terms and conditions of the bug bounty process may vary over time

While researching, please refrain from the following actions, as they would automatically exclude you from this program:

Denial of service
Attacks relying on social engineering (including phishing)
Attacks requiring access to leaked keys or credentials
Spamming

Bounty Rewards

For the bug bounty program, we have three tiers of rewards:

Tier 1 Rewards — Make constructive suggestions i.e., responsive issues, typos, UI errors, etc. (30 winners 300 pcs $DFW tokens each)
Tier 2 Rewards — Finding discrepancies with the official documentation description (15 winners 20 pcs $DAOF tokens each)
Tier 3 Rewards — Bug fixes may require smart contract redeployment or manual intervention to adjust parameters (5 winners 1 pcs common NFT each)

Vulnerabilities classification

Notes:

Proposals that might imply a serious improvement in terms of gas optimization might fit into low or medium categories, depending on the performance increase it brings.