LogoLogo
English
English
  • 🧭Navigation
  • 🦙Alpaca Finance
  • Our Protocol
    • 🏆Our Products
    • 📈How to Participate
      • Introduction to Six Simple Strategies to Earn
      • Strategy 1: Hold a Token While Earning High Yields at Low Risk; aka Lend & Stake
      • Strategy 2: Hold a Token Pair to Earn Auto-Compounded Yields Without Leverage
      • Strategy 3: Supercharge Your Stablecoin Yields
      • Strategy 4: Multiply Crypto Gains in a Bull Market
      • Strategy 5: Yield Farm Profitably in a Bear Market
      • Strategy 6: Multiply Crypto Gains in Any Market by Hedging
    • 🗺️Roadmap
    • 🔒Security
    • 📃Transparency (Audits & Contracts)
    • 🔗Links
    • 📰Media Coverage
    • ❤️Charity
    • 🌐Global Protocol Parameters
      • ⏫Leveraged Yield Farming Parameters
      • 📈AF1.0 Interest Rate Model
      • 📖Automated Vault Parameters
      • 📗Perpetual Futures Exchange Parameters
      • 📙AF2.0 Parameters
  • Tokenomics
    • 📀ALPACA Token
    • 💰ibTokens
    • ⚖️Pool Allocations
    • 🔥Proof of Burn
      • Burn Sources Details
  • Lending
    • 🏦Introduction to Lending
    • ❗Risks
    • ⏭️Step-by-Step Guide
      • Lend & Stake
      • Withdraw
  • Leveraged Yield Farming
    • 🚀Introduction to Leveraged Yield Farming
    • 🏊Pool-Specific Parameters
      • PancakeSwap Pools
      • Mdex Pools
      • Biswap Pools
      • SpookySwap Pools (Deprecated)
      • WaultSwap Pools (Deprecated)
    • 🧮Leveraged Yield Farming Mechanics
      • PancakeSwap Farms
      • Mdex Farms
      • Biswap Farms
      • SpookySwap Farms (Deprecated)
      • WaultSwap Farms (Deprecated)
    • 🌊AF1.0 Liquidation
    • ❗Risks
    • ⏭️Step-by-Step Guide
      • Open a Leveraged Yield Farming Position
      • Adjust a Leveraged Yield Farming Position
      • Close/Partially Close a Leveraged Yield Farming Position
      • Claim Rewards
      • Liquidate Positions
  • Automated Vaults
    • ⚙️Introduction to Automated Vaults
      • Market-Neutral Strategy
      • Savings Vault Strategy
    • 🧮Hedging Mechanics
    • ⏬Lowering Vault Leverage Mechanics
    • 🔏Private Automated Vault
    • 📈Backtest Results
    • ❗Risks
    • ⏭️Step-by-Step Guide
      • Invest in an Automated Vault
      • View Your Automated Vault Position
      • Withdraw from the Automated Vault
  • Perpetual Futures Exchange
    • 🔮Introduction to Perpetual Futures Exchange
      • Traders
      • Liquidity Providers
    • 🚀Launch Plan
    • 💲Trading Fee Discount Program
    • 🎁Referral Program
    • ❗Risks
    • ⏭️Step-by-Step Guide
      • Open a Leveraged Position
      • Manage a Leveraged Position
      • Close a Leveraged Position
      • Swap Asset
      • Invest in & Stake ALP token
      • Unstake & Withdraw ALP token
  • Alpaca Finance 2.0
    • 💎Introduction to Alpaca Finance 2.0
      • Money Market
      • Leveraged Yield Farming
    • 🚀Launch Plan
    • ⭐Incentive Rewards
    • 🌊AF2.0 Liquidation
    • ❗Risks
    • ⏭️Step-by-Step Guide
      • Deposit
      • Borrow
      • Repay
      • Withdraw
      • Transfer between Accounts
      • Looping Strategies
  • Governance
    • 🗳️Governance Vault
    • 🍃Grazing Range (New)
    • ⚡Early Withdrawal
    • 🔎Governance Sources Details
    • 📝Governance Discussion and Voting
    • 🗒️AIP Details
      • AIP-1: Handling of ITAM Rewards
      • AIP-2: Governance Vault on Fantom
      • AIP-3: Handling of Governance Vault’s Early Withdrawal Penalty
      • AIP-4.1: Handling of a recent bad debt on WaultSwap’s position
      • AIP-4.2: Solution to eliminate bad debt risks from remaining Waultswap positions
      • AIP-5: Interest Model Adjustment
      • AIP-6.1: Limiting Access to Automated Vault
      • AIP-6.2 Limiting Access to Automated Vault
      • AIP-7: Handling of a recent bad debt on Fantom Network
      • AIP-8.1: Increase AUSD utility by providing access to high-leveraged AVs
      • AIP-8.2: Increase AUSD utility by providing access to high-leveraged AVs
      • AIP-9: Deposit Liquidation Treasury Funds into Lending Pools while waiting to be used for buyback
      • AIP-10: Further optimizing the borrowing interest rate slope
      • AIP-11: Adjust Stability Fee for AUSD to help restore peg
      • AIP-12: Handling of bad debt from the recent stkBNB's depeg
      • AIP-13: Removing xALPACA requirement for accessing high-leveraged Automated Vaults
      • AIP-14: Close remaining LYF positions on stkBNB-BNB pool to avoid any potential future bad debt
      • AIP-15.1: Incentives for New Upcoming Products (Perp, AF2.0)
      • AIP-15.2: Distribution Method - Incentives for New Upcoming Products (Perp, AF2.0)
      • AIP-15.3: Incentives Amount for Perp - Incentives for New Upcoming Products (Perp)
      • AIP-15.4: Incentives Amount for AF2.0 - Incentives for New Upcoming Products (AF2.0)
      • AIP-15.5: Sources for Incentives - Incentives for New Upcoming Products (Perp, AF2.0)
      • AIP-16: Adjusting Slope3 max interest rate
      • AIP-17: Handling of extra ALPACA tokens from the AIP-15 incentives
      • AIP-18: Sunsetting Leveraged Yield Farming Support for MDEX pools
      • AIP-19: Implement Shielded Voting
      • AIP-20: Aligning AF1.0 lending performance fee structure with AF2.0
      • AIP-21.1: Adjusting bad debt repayment scheme from the stkBNB de-peg event
      • AIP-21.2: Adjusting bad debt repayment scheme from the stkBNB de-peg event
      • AIP-22: Paid Marketing Budget for Alperp and AF2.0
      • AIP-23: Sunsetting Leveraged Yield Farming Support for TUSD
      • AIP-24.1: New Governance Vault Implementation
      • AIP-24.2: New Governance Vault Implementation - Unlocking Period
      • AIP-24.3: New Governance Vault Implementation - Transferability
      • AIP-24.4: New Governance Vault Implementation - Early Withdrawal
      • AIP-24.5: New Governance Vault Implementation - Early Withdrawal Penalty Model
      • AIP-25: Migration from AF1.0 -> AF2.0
      • AIP-26: Transitioning the Governance Vault
      • AIP-27: Alpaca Insurance Plan Update
      • AIP-28: Updating Governance Voting Structure
      • AIP-29.1: Converting Remaining BUSD in AF1.0 lending into USDT
      • AIP-29.2: Charging conversion fees to the remaining BUSD depositors
      • AIP-29.3: Determining the conversion fees
      • AIP-30: New Product Proposal - Stablecoin
      • AIP-31.1 Handling of remaining assets in the AUSD’s stable swap module
      • AIP-31.2 Handling of remaining assets in the AUSD’s stable swap module
      • AIP-32: Distribution Plan to Lenders of Stablecoins from THE Liquidation
    • ⏭️Step-by-Step Guide
      • Lock ALPACA in Governance Vault
      • Lock more ALPACA/Extend Lock Time
      • Claim Rewards from Governance Vault
      • Add Custom tokens to your MetaMask
      • Vote on Alpaca Improvement Proposal (AIP)
      • Early Withdraw ALPACA from Governance Vault
      • Withdraw ALPACA from FANTOM Governance Vault on BNB Chain
      • Withdraw xALPACA from old Governance Vault
  • ALPIES
    • 🌗Introduction to Alpies
    • 🚋Bridging your Alpies
      • Bridging Alpies from ETH to BNB Chain
      • Bridging Alpies from BNB Chain to ETH
    • ⚡Boosted Leverage
  • Join the Herd (AlpaCareers)
    • 🚀Hiring Section
  • Help center
    • 👩‍🏫Alpaca Academy
      • Lesson 0 - How to Buy Alpaca and Start Earning Yields for Beginners(Lending+Staking)
      • Lesson 1 - Alpaca Finance’s Unique Use-Case — Shorting at a Profit
      • Lesson 2 - Introduction to Hedging with Double-Sided Borrowing
      • Lesson 3 - Liquidation Risk in Leveraged Yield Farming
      • Lesson 4 - Open/Close Positions With 0 Swap Fees
      • Lesson 5 - The Truth About Impermanent Loss and Common Misunderstandings
      • Proficiency Exams (earn NFTs)
    • 📚General Knowledge Articles
      • Navigating the Economic and Safety Landscape of DeFi
      • Yield Farming and Liquidity Mining: The Engines of DeFi Growth
      • Leveraging Advanced DeFi Instruments for Secured Funds Compounding with Alpaca Finance
      • Get Stablecoin Yields and Build Crypto Savings with Alpaca Finance's Lending Platform
      • Understanding the Basics of Decentralized Finance (DeFi)
      • Advanced Ways of Decentralized Trading with Alpaca Finance’s Perpetual Futures Exchange
      • Maximize Your Returns with Automated Vaults and Leveraged Yield Farming on Alpaca Finance
      • What does 'buy and hold' or HODL mean in investing?
      • What is DeFi Governance and why is it important?
      • What exactly are DeFi Money Markets?
      • What is yield farming and how does it differ from traditional investing?
      • What exactly does 'unlocking liquidity from long-term holdings' mean?
    • ❓FAQ
    • 🧰Useful Tools
    • 📘Terminologies & Calculation Methodology
      • 🧮APY Calculation
      • 📈Profit/Loss Calculation
    • ⚠️Common Error Messages
    • 💸Third-Party Earning Opportunities with ALPACA
  • Developers
    • 🐞Bug Bounty Program
    • 🎛️Protocol Configurations
    • 💻Integrating With Alpaca Finance
    • 🏛️AF2.0 Repurchasing Guide
    • ⚡AF2.0 Flashloan Guide
  • Past Products
    • 💵AUSD (Old)
      • 💵Introduction to AUSD
      • 💹How to Participate
      • 💦AUSD Liquidation
      • 〰️AUSD Price Stability Module
      • ❗Risks
      • ⏭️Step-by-Step Guide
        • Open an AUSD Position
        • Adjust an AUSD Position
        • Close/Partially Close an AUSD Position
        • Add/remove AUSD-3EPS LP tokens
        • Redeem AUSD for ALPACA
      • 📔AUSD Parameters
    • 🗳️Governance Vault (Old)
    • ⚡Early Withdrawal (Old)
    • 🌿Grazing Range (Old)
    • 💪Stronk Vault
Powered by GitBook
On this page
  • Issue Severity Classification and Associated Rewards
  • Rules
  • Responsible Disclosure Policy

Was this helpful?

  1. Developers

Bug Bounty Program

The security of Alpaca Finance’s systems is of the highest priority for our team. Yet, even with significant scrutiny and auditing, there’s still a possibility of vulnerabilities considering the novelty of the growing DeFi ecosystem.

That’s why on top of our own efforts and professional auditing, we put in place a Bounty Program to identify bugs and vulnerabilities in the protocol infrastructure and smart contracts. In other words, we’ll reward you for helping us make the system as invulnerable as possible.

We kindly ask you to notify us in case you discover an issue so we can immediately take steps to address and fix it. As compensation, we’re allocating 0.5% of the total supply of $ALPACA tokens to successful bounty hunters, which will come from our Warchest. Please review the program terms and scope below.

Issue Severity Classification and Associated Rewards

The submitted issue needs to meet a minimum severity standard of Low as described below in order to qualify for a reward. A successfully-reviewed submission will receive a reward in BUSD-BEP20 tokens based on the classified severity of the issue:

Low: Up to $ 1,000 — An issue that could cause user dissatisfaction or minor technical failure.

Medium: Up to $ 5,000 — An issue that could theoretically cause a minor loss of <.1% of the protocol funds, damage the protocol state, or cause severe user dissatisfaction or moderate technical failure.

High: Up to $ 15,000 — An issue that could cause the immediate loss of protocol funds between .1%< X <10%, or severely damage the protocol state.

Critical: Up to $ 100,000 — An issue that could cause immediate loss of >10% of the protocol funds or permanently impair the protocol state.

Rules

Rewards will vary depending on the severity of the issue. In addition, you can increase the reward by providing high-quality information in the following aspects: Issue description, instructions to reproduce the issue, and a solution(optional).

  • If you’d like to add more information regarding the reported issue, you can create a new submission that includes a reference to the initial one.

  • Technical knowledge is necessary for the process.

  • Duplicated reports of known issues are ineligible. The first submission will get the reward. So be sure to report promptly.

  • Rewards will be determined on a case-by-case basis. The bug bounty program, and the terms and conditions are at the sole discretion of Alpaca Finance.

  • The terms and conditions of the bug bounty program may change over time.

  • While the issue is active, any interference with the protocol or client/platform services, whether accidental or not, will invalidate the submission from receiving a reward.

  • Public disclosure of a vulnerability would guarantee a submission’s disqualification. Please read and abide by the following responsible disclosure policy or your report may become ineligible for a reward.

Responsible Disclosure Policy

If you discover a vulnerability, make sure to follow all the steps below:

  1. As soon as possible, write a report of the issue in as much detail and accuracy as you can, then send it to: bugreport@alpacafinance.org

  2. Do not reveal any information about the issue to anyone outside the team.

  3. Do not take advantage of the issue.

  4. Do not attack our system or protocol.

Once we receive your report, we promise to do the following:

  1. Respond to your report within 5 business days.

  2. Handle your report with strict confidentiality.

  3. Provide you updates regarding the progress of your submission status and the resolution of the reported issue.

  4. Give you credit by naming you as the successful bounty hunter of the issue, unless you desire otherwise.

  5. Offer you the proper reward as per the prior rules to thank you for helping us make Alpaca as secure as possible!

PreviousThird-Party Earning Opportunities with ALPACANextProtocol Configurations

Last updated 3 years ago

Was this helpful?

🐞
Page cover image