From time to time issues are reported to us. They fall under a wide spectrum ranging from, “I have no clue what I am doing” to “There is a potential loss of funds due to protocol use”.
While we test internally and the code is a battle tested fork of Compound, edge cases remain. Especially so with Agora+ which is a cutting edge solution not prevalent elsewhere in the industry.
We want to reward the community for reporting issues before they blow up. As a fair launch protocol we do not have treasury funds to do so, but we do have token allocation left over from the marketing budget which we are putting to use for this.
In order to take out the arbitrariness out of the equation with respect to bug bounties we have created a framework for assessing them.
Bug Bounties should be submitted to the Bug Bounty channel on Discord.
TIER A
The highest reward will be reserved for issues that are contractual, have involved or have the potential to cause loss of funds, and the reporter provides a clear explanation of what they believe the issue is, what caused it and upon verification is deemed correct.
We will generally not compensate for the actual loss as users are meant to use the protocol at their own risk, but only for the reporting of the issue and its resolution.
This will be 10000 AGORA vested over a month.
TIER B
This is again contractual/configuration issues in which there is no loss of funds but only a perceived loss where the reported amounts are inaccurate. The reporter is again expected to provide a clear explanation of what they believe the issue is, what caused it and upon verification is deemed correct.
7500 AGORA over a month.
TIER C
Contractual or configuration issues that have involved or have the potential to cause loss of funds, but the reporter does not provide a clear explanation of what they believe the issue is, and what caused it. This is more of a finders fee.
5000 AGORA over a month.