User and system data security is a top priority for MarsDAO. We regularly conduct internal audits and undergo audits by certified companies, but vulnerabilities are always possible given how new the evolving DeFi environment is.
For this reason, in addition to our own efforts and professional audits, we have introduced a rewards program to identify bugs and vulnerabilities in the ecosystem and smart contracts of MarsDAO products. The company rewards users for helping us make the system as invulnerable as possible.
Please be sure to notify us when any vulnerability is detected so that we can take immediate measures to address and fix it. As compensation, we will allocate a certain number of MDAO tokens, depending on the severity of the identified problem.
Please see the terms and conditions below.
Vulnerability classification and associated rewards
The identified vulnerability must meet the minimum severity level of "Low" as described below to qualify for a reward. We will reward a successful application with MDAO tokens, based on the classified severity of the problem:
Low: up to xxxx MDAO – a problem that in theory may cause user dissatisfaction or minor technical failure.
Medium: up to xxxx MDAO – a problem that in theory may cause a minor loss of less than 0.1% of protocol assets, disrupt the state of the protocol, cause serious user dissatisfaction or a moderate technical failure.
High: up to xxxx MDAO – a problem that may cause an immediate loss of protocol assets in the range 0.1% < X < 10% or seriously damage the state of the protocol.
Critical: up to xxxx MDAO – a problem that may cause an immediate loss of more than 10% of protocol assets or permanently deteriorate the state of the protocol.
Rewards depend on the severity of the identified vulnerability. Users can increase the reward by providing high-quality information based on the following aspects: a description of the problem, instructions on how to reproduce the problem, and a solution (optional).
If you want to add additional information about the reported problem, you may submit a new message that contains a link to the original message.
You must attach a statement of work to the additional application form.
Duplicate reports of previously identified vulnerabilities are not accepted, so the problem should be reported as soon as it is detected.
Rewards are determined on a case-by-case basis. The vulnerability detection reward program and terms remain at the discretion of the MarsDAO team and are subject to change over time.
As long as the problem is active, any interference with the protocol or client/platform services, whether accidental or not, will make the report ineligible for a reward.
Public disclosure of the vulnerability warrants disqualification of the application. Please be sure to read and comply with the Responsible Disclosure Policy; otherwise, your report may become ineligible for a reward.
Responsible Disclosure Policy
If you discover a vulnerability, be sure to follow these steps:
File a report about the issue as soon as possible, as thoroughly and accurately as you can, and send it to: [email protected]
Do not disclose the information to anyone outside of the MarsDAO team.
Do not take unfair advantage of the problem.
Do not attempt to attack the MarsDAO system or protocol.
After we receive your report, we will offer you a proper reward in accordance with the rules above and thank you for contributing to the sustainability and security of MarsDAO!