HydraSwap Beta Bug Bounty Program

Earn up to $5,000 as Rewards

HydraSwap’s Beta version is now live on Solana Devnet. With the launch, we would like to encourage the whole community to join the HydraSwap Beta Bug Bounty Program. All your feedback and every suggestion will help HydraSwap better shape our products so we can continue enhancing your experience.

Bug hunters can compete for a 5000 USDC prize pool during the program, which runs from Wednesday, July 21st through Saturday, July 31st, 2021. The HydraSwap team will select 20 winners to be be awarded based on the severity of the bug, the quality of the reporting, and the thoroughness of the description.

Users willing to participate can do so using this form.

We would like to invite the HydraSwap community to participate in this program and share valuable ideas and feedback as well as identify flaws and vulnerabilities that have remained undetected.

Community participation is the key. We’re not only asking users to spot bugs and glitches but also to provide any wonderful product ideas that could help HydraSwap create a better experience for all our users.

The following features are included in Beta and are covered within the scope of the bug bounty program:

- Swap

- Adding Liquidity

- Liquidity Pool Farming

- Staking

- HMM: HydraSwap Market Maker

To apply for the program all Beta testers must fill this form in a detailed manner: https://forms.gle/jczUi5EWDSkBGzVm7

Being part of our community is also a prerequisite for eligibility. Participants must also:

1. Join HydraSwap Telegram Announcement group.

2. Join HydraSwap Telegram Community Chat group.

3. Follow us on Twitter.

4. Like the Beta announcement tweet and comment along with 3 other friends.

The two core areas to be assessed program participants are:

1. Smart Contract and Blockchain

- Empty or freeze the contract’s holdings (e.g. economic attacks, flash loans, reentrancy, logic errors, integer over-/under-flow)

- Cryptographic flaws

- Theft of yield

- Token holders temporarily unable to transfer holdings

- Users spoof each other

- Transient consensus failures

- Contract out of gas

- Contract consumes unbounded gas

- Block stuffing

- Denial of service (e.g. spamming block space)

- Contract fails to deliver promised returns but doesn’t lose value

- Not following best practices

2. Web Application

- Deletion of site data

- XSS/CSRF

- Arbitrary code execution

- Shell access on the server

- SQL injection

- Users spoof each other

- Leaking user data

- Insufficient validation before viewing sensitive pages

- Denial of service

- DNS zone transfer misconfiguration

- DoS amplification

- Unsecured recursive DNS resolver

- Open SMTP relay

- Bad SSL settings

- Missing security headers (with impact)

- Not following best practices

- UX issues

The Bug Bounty Program will run Wednesday, July 21st through Saturday, July 31st, 2021.

The Beta can be accessed here: https://beta.hydraswap.io/

Bug and feedback submissions can be sent here: https://forms.gle/jczUi5EWDSkBGzVm7

A full guide for testing can be accessed here: https://hydraswap.gitbook.io/hydra-beta-testing-guide/preparation

As this version is on Solana Devnet, in order to test, you’ll need to switch your wallet to Devnet and get SOL Devnet Faucets via airdrop.

All the steps for testing are detailed in the testing guide.

On the Beta version, only a few tokens are available for testing. Apart from SOL, these are HYSD and USDD.

- HYSD (Hydra Devnet Token)

Token Address: HdJ8pzRMFquse6MAdLTm2JHum51WFkocZX8YzXpPjNpG

This is the Devnet faucet of HYS (HydraSwap Token) that we issued for testing.

- USDD (USD Devnet)

Token Address: D11M7swUBM2wJWnUeTU9KCEv317gn8s1C8V7SJzXbfmm

This is the Devnet faucet we issued for testing to simulate stablecoins like USDC, USDT, etc.

You can use the above addresses to add these tokens to your wallet. Before adding new tokens, please make sure your wallet has SOL faucets, otherwise, new tokens can’t be added.

To get HYSD and USDD for testing, please submit your wallet address via this form. Our developers will airdrop the tokens in 24h.

https://docs.google.com/forms/d/e/1FAIpQLSdooL3nWhkXcMsrZSLcYQ0DOHUfMEC2QWxj703ZmuUctHoN1A/viewform?usp=sf_link

A total reward pool of 5000 USDC has been set up for a minimum of 20 program winners. Participants will be awarded depending on the severity and risk of the bug, as well as the likelihood of the occurrence.

All decisions pertaining to the winners of the program will be manually taken by the HydraSwap team. Winners will be disclosed one week after the event concludes on our official social media channels and telegram groups.

The prize will be awarded to the first or most detailed and helpful submission. Duplicate reports of known bugs aren’t eligible to win.Users can improve their chances of being rewarded by providing high-quality information in the following aspects: bug description, instructions for recreating the issue, and a solution (optional).If an error or vulnerability is found that has not been reported previously and which leads to code or configuration changes, users will be acknowledged publicly for their effort.Rewards will be established on an individual level. The bug bounty program, as well as its terms and conditions, are entirely at the discretion of the HydraSwap team.The program’s rules and conditions may vary as required by the HydraSwap team.

Without our strong and supportive community, the program would not be possible. We appreciate your patience and participation in our evolution and look forward to the years to come.

Thank you for your interest in HydraSwap and we hope you enjoy the Beta.

Cross-chain DEX on Solana, providing users with CEX-level trading experience, supported by game-changing HMM core and powerful multi-module components.

Twitter | LinkedIn | Facebook | Telegram | Reddit | Discord