Soy.Finance Bug Bounty

SoyFinanceFactory.sol.SoyFinanceRouter.sol.SoyToken.sol.StakingRewards.sol.WCLO.sol.Ownable.solCLOE_ERC20.solMulticall.solairdrop.sol

This contract system is an implementation of a decentralized exchange that features automated market making. The contract system is deployed at Callisto Network Mainnet:

Airdrop contract 0x06C0D53112b522c2cAA0B150Dc431386ceeC0cf0SOY token (sushi fork) 0x9427B6804e630Fed4e59000aC1D6C6bC9D6d1f6dCLOE token 0x1eAa43544dAa399b87EEcFcC6Fa579D5ea4A61870WCLO (wrapped CLO) token 0xC63c95d1d4f945141fE86EF978D6b99B8e3905d5SoyFinanceFactory 0x4A336fc533D28961c0E1de64b2083019b09cf3EcSoyFinanceRouter 0xB4dDe88Fd2D7Cf5AA0880fa2Ec893124Cbbe0FA3Multicall contract 0x8bA3D23241c7044bE703afAF2A728FdBc16f5F6f

GENERAL NOTE: only technical issues must be considered here. Trading losses or the lack of liquidity caused by the insufficient engagement are not considered contract-related issues.

$15,000 for finding a critical vulnerability.

A critical vulnerability is a vulnerability that can be directly exploited at any time and cause:

Total breach of the contract system and the loss of operability.Allow the withdrawal of funds or exchange of funds at the unexpected rate which can be exploited to the attacker’s advantage.Any circumstance at which one user of the contract can cause a direct loss of funds for another user.

$3,000 for fiding a medium severity vulnerability

A critical vulnerability is a vulnerability that can be exploited in some specific circumstances and cause:

Violation of access restrictions and performing owner-restricted functions without permission.Total or partial breach of the contract system and partial loss of operability.Allow the withdrawal of funds or exchange of funds at the unexpected rate which can be exploited to the attacker’s advantage.Any circumstance at which one user of the contract can cause a direct loss of funds for another user.

$100–500 for code flaws that can not violate contract workflow.

Any code flaw reports and suggestions that can improve the SoyFinance workflow. This bounty will be paid if the suggested solution will be implemented in final version of the contract system.

Submit an issue at the SoyFinance contracts repo: https://github.com/SoyFinance/smart-contracts/issues

The bugbounty will last for 20 days since the announcement. All reports submitted to the github issues thread during this timeframe will be reviewed by members of Callisto Security Department.

The first person to submit a bug report will be awarded a bounty if the reported issue is considered a vulnerability consistent with the bugbounty scope.

Payment method: the bounty can be paid in CLO or USDT. The requester must negotiate the payment method in the corresponding issue thread at github and provide the payment address there. Transaction hash will be published in the same thread as a proof after the payment is confirmed.

Questions: dexaran@callisto.network

TwitterTelegram news channelFacebook