Our team is incredibly grateful for the growth and success seen for both Fantom Foundation and its first native decentralized exchange (DEX), Spooky Swap. Our team has consistently had a strong commitment to security and pursued an audit by CertiK very early in our development. As attention on BOO builds due to it having the highest Total Value Locked (TVL) of any protocol on Fantom, we’ve made the decision to partner with Immunefi to publish a list of bug bounties which will help mitigate any future risk to SpookySwap contracts.
Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System. This is a simplified 5-level scale, with separate scales for websites/apps and smart contracts/blockchains, encompassing everything from consequence of exploitation to privilege required to likelihood of a successful exploit.
Smart Contracts and Blockchain
- Critical: Up to USD 500 000
- High USD 30 000
- Medium USD 5 000
Website and Apps
- Critical USD 50 000
- High USD 15 000
- Medium USD 5 000
All web/app bug reports are required to have a PoC in order to receive a reward.
Any report involving issues highlighted in the SpookySwap CertiK audit are considered as out-of-scope.
Payouts for bounties will be handled by the SpookySwap team directly and are denominated in USD. In order to prevent smart contract exploits, we want to put in place a system that will reward cyber security experts and create confidence in our investors who trust our smart contracts.
The SpookySwap team looks forward to the explosive growth coming to Fantom Opera as its scalability, fast speeds, and low transaction fees become utilized by more institutions and DeFi investors. We hope building confidence in the security of SpookySwap contracts helps to grow the entire Fantom network.